From 01397cbe2a62303ef001ab5e5821ffafd6929e41 Mon Sep 17 00:00:00 2001

From: Alex Haydock <alex@alexhaydock.co.uk>

Date: Fri, 6 Aug 2021 16:46:22 +0100

Subject: [PATCH] Update CCEs and identifiers on rules that make up RHEL 8 CIS

 4.1.15

---

 .../audit_rules_privileged_commands_insmod/rule.yml            | 2 ++

 .../audit_rules_privileged_commands_modprobe/rule.yml          | 2 ++

 .../audit_rules_privileged_commands_rmmod/rule.yml             | 2 ++

 shared/references/cce-redhat-avail.txt                         | 3 ---

 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml

index 5c3a99447c..a4ecb0d1e0 100644

--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml

+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml

@@ -28,10 +28,12 @@ severity: medium

 identifiers:

     cce@rhel7: CCE-85851-4

+    cce@rhel8: CCE-85919-9

     cce@sle15: CCE-85744-1

 references:

     cis@rhel7: 4.1.16

+    cis@rhel8: 4.1.15

     cis@ubuntu2004: 4.1.16

     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884

     nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml

index 5e03dde851..f70c537064 100644

--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml

+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml

@@ -32,10 +32,12 @@ severity: medium

 identifiers:

     cce@rhel7: CCE-85853-0

+    cce@rhel8: CCE-85973-6

     cce@sle15: CCE-85731-8

 references:

     cis@rhel7: 4.1.16

+    cis@rhel8: 4.1.15

     cis@ubuntu2004: 4.1.16

     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884

     nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml

index 1535041672..113c8fc4bc 100644

--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml

+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml

@@ -28,10 +28,12 @@ severity: medium

 identifiers:

     cce@rhel7: CCE-85852-2

+    cce@rhel8: CCE-86017-1

     cce@sle15: CCE-85732-6

 references:

     cis@rhel7: 4.1.16

+    cis@rhel8: 4.1.15

     cis@ubuntu2004: 4.1.16

     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884

     nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt

index 001262c6ee..aaa631515b 100644

--- a/shared/references/cce-redhat-avail.txt

+++ b/shared/references/cce-redhat-avail.txt

@@ -49,7 +49,6 @@ CCE-85915-7

 CCE-85916-5

 CCE-85917-3

 CCE-85918-1

-CCE-85919-9

 CCE-85920-7

 CCE-85921-5

 CCE-85922-3

@@ -100,7 +99,6 @@ CCE-85968-6

 CCE-85969-4

 CCE-85970-2

 CCE-85972-8

-CCE-85973-6

 CCE-85974-4

 CCE-85975-1

 CCE-85976-9

@@ -143,7 +141,6 @@ CCE-86013-0

 CCE-86014-8

 CCE-86015-5

 CCE-86016-3

-CCE-86017-1

 CCE-86018-9

 CCE-86019-7

 CCE-86020-5