|
 |
76240a |
From 8455c8556a6d828b15ebc62cf511e484dd626a36 Mon Sep 17 00:00:00 2001
|
|
|
76240a |
From: Matthew Burket <mburket@redhat.com>
|
|
|
76240a |
Date: Fri, 16 Jul 2021 13:16:12 -0500
|
|
|
76240a |
Subject: [PATCH] Add rules for RHEL-08-030610
|
|
|
76240a |
|
|
|
76240a |
Added two rules, one for each of the paths mentioned in the STIG.
|
|
|
76240a |
---
|
|
|
76240a |
.../rule.yml | 35 ++++++++++++++++++
|
|
|
76240a |
.../tests/correct_permissions.pass.sh | 6 ++++
|
|
|
76240a |
.../tests/incorrect_permissions.fail.sh | 6 ++++
|
|
|
76240a |
.../rule.yml | 36 +++++++++++++++++++
|
|
|
76240a |
.../tests/correct_permissions.pass.sh | 6 ++++
|
|
|
76240a |
.../tests/incorrect_permissions.fail.sh | 6 ++++
|
|
|
76240a |
products/rhel8/profiles/stig.profile | 2 ++
|
|
|
76240a |
shared/references/cce-redhat-avail.txt | 2 --
|
|
|
76240a |
.../data/profile_stability/rhel8/stig.profile | 2 ++
|
|
|
76240a |
.../profile_stability/rhel8/stig_gui.profile | 2 ++
|
|
|
76240a |
10 files changed, 101 insertions(+), 2 deletions(-)
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
|
|
76240a |
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..1cde3ded5f
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
|
|
76240a |
@@ -0,0 +1,35 @@
|
|
|
76240a |
+documentation_complete: true
|
|
|
76240a |
+
|
|
|
76240a |
+prodtype: fedora,rhel8
|
|
|
76240a |
+
|
|
|
76240a |
+title: 'Verify Permissions on /etc/audit/auditd.conf'
|
|
|
76240a |
+
|
|
|
76240a |
+description: |-
|
|
|
76240a |
+ {{{ describe_file_permissions(file="/etc/audit/auditd.conf", perms="0640") }}}
|
|
|
76240a |
+
|
|
|
76240a |
+
|
|
|
76240a |
+rationale: |-
|
|
|
76240a |
+ Without the capability to restrict the roles and individuals that can select which events
|
|
|
76240a |
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
|
|
|
76240a |
+ events. Misconfigured audits may degrade the system's performance by overwhelming
|
|
|
76240a |
+ the audit log. Misconfigured audits may also make it more difficult to establish,
|
|
|
76240a |
+ correlate, and investigate the events relating to an incident or identify
|
|
|
76240a |
+ those responsible for one.
|
|
|
76240a |
+
|
|
|
76240a |
+severity: medium
|
|
|
76240a |
+
|
|
|
76240a |
+identifiers:
|
|
|
76240a |
+ cce@rhel8: CCE-85871-2
|
|
|
76240a |
+
|
|
|
76240a |
+references:
|
|
|
76240a |
+ disa: CCI-000171
|
|
|
76240a |
+ nist: AU-12(b)
|
|
|
76240a |
+ srg: SRG-OS-000063-GPOS-00032
|
|
|
76240a |
+ stigid@rhel8: RHEL-08-030610
|
|
|
76240a |
+
|
|
|
76240a |
+template:
|
|
|
76240a |
+ name: file_permissions
|
|
|
76240a |
+ vars:
|
|
|
76240a |
+ filepath: /etc/audit/auditd.conf
|
|
|
76240a |
+ allow_stricter_permissions: "true"
|
|
|
76240a |
+ filemode: '0640'
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..8c9b782920
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
|
|
76240a |
@@ -0,0 +1,6 @@
|
|
|
76240a |
+#!/bin/bash
|
|
|
76240a |
+
|
|
|
76240a |
+export TESTFILE=/etc/audit/auditd.conf
|
|
|
76240a |
+mkdir -p /etc/audit/
|
|
|
76240a |
+touch $TESTFILE
|
|
|
76240a |
+chmod 0640 $TESTFILE
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..a460e0dddd
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
@@ -0,0 +1,6 @@
|
|
|
76240a |
+#!/bin/bash
|
|
|
76240a |
+
|
|
|
76240a |
+export TESTFILLE=/etc/audit/auditd.conf
|
|
|
76240a |
+mkdir -p /etc/audit/
|
|
|
76240a |
+touch $TESTFILLE
|
|
|
76240a |
+chmod 0644 $TESTFILLE
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..34e1f30367
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
|
|
76240a |
@@ -0,0 +1,36 @@
|
|
|
76240a |
+documentation_complete: true
|
|
|
76240a |
+
|
|
|
76240a |
+prodtype: fedora,rhel8
|
|
|
76240a |
+
|
|
|
76240a |
+title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
|
|
|
76240a |
+
|
|
|
76240a |
+description: |-
|
|
|
76240a |
+ {{{ describe_file_permissions(file="/etc/audit/rules.d/*.rules", perms="0640") }}}
|
|
|
76240a |
+
|
|
|
76240a |
+
|
|
|
76240a |
+rationale: |-
|
|
|
76240a |
+ Without the capability to restrict the roles and individuals that can select which events
|
|
|
76240a |
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
|
|
|
76240a |
+ events. Misconfigured audits may degrade the system's performance by overwhelming
|
|
|
76240a |
+ the audit log. Misconfigured audits may also make it more difficult to establish,
|
|
|
76240a |
+ correlate, and investigate the events relating to an incident or identify
|
|
|
76240a |
+ those responsible for one.
|
|
|
76240a |
+
|
|
|
76240a |
+severity: medium
|
|
|
76240a |
+
|
|
|
76240a |
+identifiers:
|
|
|
76240a |
+ cce@rhel8: CCE-85875-3
|
|
|
76240a |
+
|
|
|
76240a |
+references:
|
|
|
76240a |
+ disa: CCI-000171
|
|
|
76240a |
+ nist: AU-12(b)
|
|
|
76240a |
+ srg: SRG-OS-000063-GPOS-00032
|
|
|
76240a |
+ stigid@rhel8: RHEL-08-030610
|
|
|
76240a |
+
|
|
|
76240a |
+template:
|
|
|
76240a |
+ name: file_permissions
|
|
|
76240a |
+ vars:
|
|
|
76240a |
+ filepath: /etc/audit/rules.d/
|
|
|
76240a |
+ file_regex: ^.*rules$
|
|
|
76240a |
+ allow_stricter_permissions: "true"
|
|
|
76240a |
+ filemode: '0640'
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..b0a20248c3
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
|
|
76240a |
@@ -0,0 +1,6 @@
|
|
|
76240a |
+#!/bin/bash
|
|
|
76240a |
+
|
|
|
76240a |
+export TESTFILE=/etc/audit/rules.d/test_rule.rules
|
|
|
76240a |
+mkdir -p /etc/audit/rules.d/
|
|
|
76240a |
+touch $TESTFILE
|
|
|
76240a |
+chmod 0640 $TESTFILE
|
|
|
76240a |
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
new file mode 100644
|
|
|
76240a |
index 0000000000..c7fd3a95e9
|
|
|
76240a |
--- /dev/null
|
|
|
76240a |
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
|
|
76240a |
@@ -0,0 +1,6 @@
|
|
|
76240a |
+#!/bin/bash
|
|
|
76240a |
+
|
|
|
76240a |
+export TESTFILLE=/etc/audit/rules.d/test_rule.rules
|
|
|
76240a |
+mkdir -p /etc/audit/rules.d/
|
|
|
76240a |
+touch $TESTFILLE
|
|
|
76240a |
+chmod 0644 $TESTFILLE
|
|
|
76240a |
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
|
|
76240a |
index 26d0aa9922..5a0a520ee0 100644
|
|
|
76240a |
--- a/products/rhel8/profiles/stig.profile
|
|
|
76240a |
+++ b/products/rhel8/profiles/stig.profile
|
|
|
76240a |
@@ -801,6 +801,8 @@ selections:
|
|
|
76240a |
- configure_usbguard_auditbackend
|
|
|
76240a |
|
|
|
76240a |
# RHEL-08-030610
|
|
|
76240a |
+ - file_permissions_etc_audit_auditd
|
|
|
76240a |
+ - file_permissions_etc_audit_rulesd
|
|
|
76240a |
|
|
|
76240a |
# RHEL-08-030620
|
|
|
76240a |
|
|
|
76240a |
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
|
|
76240a |
index ae3375fd4d..24e8149168 100644
|
|
|
76240a |
--- a/shared/references/cce-redhat-avail.txt
|
|
|
76240a |
+++ b/shared/references/cce-redhat-avail.txt
|
|
|
76240a |
@@ -11,11 +11,9 @@ CCE-85867-0
|
|
|
76240a |
CCE-85868-8
|
|
|
76240a |
CCE-85869-6
|
|
|
76240a |
CCE-85870-4
|
|
|
76240a |
-CCE-85871-2
|
|
|
76240a |
CCE-85872-0
|
|
|
76240a |
CCE-85873-8
|
|
|
76240a |
CCE-85874-6
|
|
|
76240a |
-CCE-85875-3
|
|
|
76240a |
CCE-85876-1
|
|
|
76240a |
CCE-85877-9
|
|
|
76240a |
CCE-85878-7
|
|
|
76240a |
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
76240a |
index a1de1f5561..4be3cf93c2 100644
|
|
|
76240a |
--- a/tests/data/profile_stability/rhel8/stig.profile
|
|
|
76240a |
+++ b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
76240a |
@@ -123,6 +123,8 @@ selections:
|
|
|
76240a |
- file_ownership_var_log_audit
|
|
|
76240a |
- file_permission_user_init_files
|
|
|
76240a |
- file_permissions_binary_dirs
|
|
|
76240a |
+- file_permissions_etc_audit_auditd
|
|
|
76240a |
+- file_permissions_etc_audit_rulesd
|
|
|
76240a |
- file_permissions_home_directories
|
|
|
76240a |
- file_permissions_library_dirs
|
|
|
76240a |
- file_permissions_sshd_private_key
|
|
|
76240a |
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
76240a |
index b7d2be3af3..20b8a54861 100644
|
|
|
76240a |
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
76240a |
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
76240a |
@@ -134,6 +134,8 @@ selections:
|
|
|
76240a |
- file_ownership_var_log_audit
|
|
|
76240a |
- file_permission_user_init_files
|
|
|
76240a |
- file_permissions_binary_dirs
|
|
|
76240a |
+- file_permissions_etc_audit_auditd
|
|
|
76240a |
+- file_permissions_etc_audit_rulesd
|
|
|
76240a |
- file_permissions_home_directories
|
|
|
76240a |
- file_permissions_library_dirs
|
|
|
76240a |
- file_permissions_sshd_private_key
|