Blame SOURCES/scap-security-guide-0.1.55-OL7_DISA_STIG_v2r2_update-PR_6607.patch

b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
b5e178
index 7da2e067a6..5d01170aab 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
b5e178
@@ -33,6 +33,7 @@ references:
b5e178
     cis@sle12: 5.2.4
b5e178
     cis@sle15: 5.2.6
b5e178
     stigid@rhel7: RHEL-07-040710
b5e178
+    stigid@ol7: OL07-00-040710
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     disa: CCI-000366
b5e178
     nist: CM-6(b)
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
b5e178
index 87c3cb7f5a..5683676bfc 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
b5e178
@@ -23,7 +23,6 @@ identifiers:
b5e178
     cce@sle12: CCE-83017-4
b5e178
 
b5e178
 references:
b5e178
-    stigid@ol7: OL07-00-040710
b5e178
     cui: 3.1.13
b5e178
     disa: CCI-000366
b5e178
     nist: CM-6(a),AC-17(a),AC-17(2)
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
b5e178
index 50c7d689af..42cb32e30e 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,rhel7,rhel8,wrlinux1019,wrlinux8
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8
b5e178
 
b5e178
 title: 'Use Only FIPS 140-2 Validated Ciphers'
b5e178
 
b5e178
@@ -51,7 +51,6 @@ identifiers:
b5e178
     cce@rhel8: CCE-81032-5
b5e178
 
b5e178
 references:
b5e178
-    stigid@ol7: OL07-00-040110
b5e178
     cis: 5.2.10
b5e178
     cjis: 5.5.6
b5e178
     cui: 3.1.13,3.13.11,3.13.8
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
b5e178
index 0751064179..73de17af35 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: rhel7
b5e178
+prodtype: ol7,rhel7
b5e178
 
b5e178
 title: 'Use Only FIPS 140-2 Validated Ciphers'
b5e178
 
b5e178
@@ -32,6 +32,7 @@ references:
b5e178
     disa: CCI-000068,CCI-000366,CCI-000803,CCI-000877,CCI-002890,CCI-003123
b5e178
     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
b5e178
     stigid@rhel7: RHEL-07-040110
b5e178
+    stigid@ol7: OL07-00-040110
b5e178
 
b5e178
 ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
b5e178
 
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
index c490756daf..13997f9418 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,rhel7,rhel8,sle12,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019
b5e178
 
b5e178
 title: 'Use Only FIPS 140-2 Validated MACs'
b5e178
 
b5e178
@@ -46,7 +46,6 @@ identifiers:
b5e178
     cce@sle12: CCE-83036-4
b5e178
 
b5e178
 references:
b5e178
-    stigid@ol7: OL07-00-040400
b5e178
     cis: 5.2.12
b5e178
     cui: 3.1.13,3.13.11,3.13.8
b5e178
     disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
b5e178
index 88d2d77e14..bd597f0860 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: rhel7
b5e178
+prodtype: ol7,rhel7
b5e178
 
b5e178
 title: 'Use Only FIPS 140-2 Validated MACs'
b5e178
 
b5e178
@@ -25,6 +25,7 @@ references:
b5e178
     disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
b5e178
     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
b5e178
     stigid@rhel7: RHEL-07-040400
b5e178
+    stigid@ol7: OL07-00-040400
b5e178
 
b5e178
 ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
b5e178
 
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
b5e178
index 7267d2443a..b0fe065d86 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
b5e178
@@ -26,6 +26,7 @@ identifiers:
b5e178
 references:
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stig@rhel7: RHEL-07-040711
b5e178
+    stig@ol7: OL07-00-040711
b5e178
     disa: CCI-000366
b5e178
     nist: CM-6(b)
b5e178
 
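Review bot: The reference added on the `+` line is keyed `stig@ol7`, while every other OL7 reference this patch adds is keyed `stigid@ol7`. It mirrors the `stig@rhel7` context line directly above it, so the spelling predates this change. If the build only recognises `stigid` as a reference type (not visible from here), OL07-00-040711 would be missing from the OL7 STIG mapping for sshd_x11_use_localhost. I would write `stigid@ol7: OL07-00-040711` and correct the rhel7 key in the same pass.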
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
index 820a942220..dfcbbafd17 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
@@ -36,4 +36,4 @@ ocil_clause: 'the group ownership is incorrect'
b5e178
 ocil: |-
b5e178
     To verify the assigned home directory of all interactive users is group-
b5e178
     owned by that users primary GID, run the following command:
b5e178
-    
$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
b5e178
+    
# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
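Review bot: The replacement command on the `+` line takes its account list from /etc/passwd alone and treats any UID of 1000 or more whose shell does not match `nologin` as interactive. Accounts with another non-login shell such as `/bin/false` are therefore listed, and accounts supplied by a directory service are not. The same command is added in file_ownership_home_directories/rule.yml. Because the text asks the auditor to compare against the primary GID, `ls -ldn` would print numeric IDs directly. A sentence such as `Accounts provided by LDAP or SSSD are not listed by this command and must be reviewed separately.` would state the limit for the auditor.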
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
b5e178
index 7d5778d4f6..37cb36cda3 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
b5e178
@@ -30,4 +30,4 @@ ocil_clause: 'the user ownership is incorrect'
b5e178
 
b5e178
 ocil: |-
b5e178
     To verify the home directory ownership, run the following command:
b5e178
-    
$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
b5e178
+    
# ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)
b5e178