|
 |
ff1465 |
From f284885e417d86c408c9f94db02b4b7066d316be Mon Sep 17 00:00:00 2001
|
|
|
ff1465 |
From: Watson Sato <wsato@redhat.com>
|
|
|
ff1465 |
Date: Mon, 7 Feb 2022 11:34:16 +0100
|
|
|
ff1465 |
Subject: [PATCH] Add RHEL-08-040321 to RHEL8 STIG profile
|
|
|
ff1465 |
|
|
|
ff1465 |
The STIG doesn't recommend the systems to target the graphical
|
|
|
ff1465 |
environment by default.
|
|
|
ff1465 |
---
|
|
|
ff1465 |
.../disabling_xwindows/xwindows_runlevel_target/rule.yml | 1 +
|
|
|
ff1465 |
products/rhel8/profiles/stig.profile | 3 +++
|
|
|
ff1465 |
products/rhel8/profiles/stig_gui.profile | 3 +++
|
|
|
ff1465 |
tests/data/profile_stability/rhel8/stig.profile | 1 +
|
|
|
ff1465 |
4 files changed, 8 insertions(+)
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
|
|
|
ff1465 |
index de0e359a44e..df56a30be80 100644
|
|
|
ff1465 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
|
|
|
ff1465 |
@@ -39,6 +39,7 @@ references:
|
|
|
ff1465 |
nist: CM-7(a),CM-7(b),CM-6(a)
|
|
|
ff1465 |
nist-csf: PR.AC-3,PR.PT-4
|
|
|
ff1465 |
srg: SRG-OS-000480-GPOS-00227
|
|
|
ff1465 |
+ stigid@rhel8: RHEL-08-040321
|
|
|
ff1465 |
|
|
|
ff1465 |
ocil_clause: 'the X windows display server is running and/or has not been disabled'
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
index 09fa85df181..ffca983d0bd 100644
|
|
|
ff1465 |
--- a/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
+++ b/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
@@ -1169,6 +1169,9 @@ selections:
|
|
|
ff1465 |
# RHEL-08-040320
|
|
|
ff1465 |
- xwindows_remove_packages
|
|
|
ff1465 |
|
|
|
ff1465 |
+ # RHEL-08-040321
|
|
|
ff1465 |
+ - xwindows_runlevel_target
|
|
|
ff1465 |
+
|
|
|
ff1465 |
# RHEL-08-040330
|
|
|
ff1465 |
- network_sniffer_disabled
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/products/rhel8/profiles/stig_gui.profile b/products/rhel8/profiles/stig_gui.profile
|
|
|
ff1465 |
index d1577215b07..d29ceb9c54e 100644
|
|
|
ff1465 |
--- a/products/rhel8/profiles/stig_gui.profile
|
|
|
ff1465 |
+++ b/products/rhel8/profiles/stig_gui.profile
|
|
|
ff1465 |
@@ -35,3 +35,6 @@ extends: stig
|
|
|
ff1465 |
selections:
|
|
|
ff1465 |
# RHEL-08-040320
|
|
|
ff1465 |
- '!xwindows_remove_packages'
|
|
|
ff1465 |
+
|
|
|
ff1465 |
+ # RHEL-08-040321
|
|
|
ff1465 |
+ - '!xwindows_runlevel_target'
|
|
|
ff1465 |
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
index 9c05c27117c..e4fee44f9f9 100644
|
|
|
ff1465 |
--- a/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
+++ b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
@@ -398,6 +398,7 @@ selections:
|
|
|
ff1465 |
- usbguard_generate_policy
|
|
|
ff1465 |
- wireless_disable_interfaces
|
|
|
ff1465 |
- xwindows_remove_packages
|
|
|
ff1465 |
+- xwindows_runlevel_target
|
|
|
ff1465 |
- var_rekey_limit_size=1G
|
|
|
ff1465 |
- var_rekey_limit_time=1hour
|
|
|
ff1465 |
- var_accounts_user_umask=077
|