From fae75e8f00cf5de18c4c1813d94987e848f14233 Mon Sep 17 00:00:00 2001

From: Watson Sato <wsato@redhat.com>

Date: Thu, 24 Nov 2022 14:40:15 +0100

Subject: [PATCH] Map selinux_user_login_roles to RHEL-08-040400

This STIG ID is a new addition in DISA RHEL8 STIG V1R8

---

 .../guide/system/selinux/selinux_user_login_roles/rule.yml     | 2 ++

 products/rhel8/profiles/stig.profile                           | 3 +++

 shared/references/cce-redhat-avail.txt                         | 1 -

 tests/data/profile_stability/rhel8/stig.profile                | 1 +

 tests/data/profile_stability/rhel8/stig_gui.profile            | 1 +

 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml

index 053d4341bbd..d4c211c1062 100644

--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml

+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml

@@ -34,6 +34,7 @@ severity: medium

 identifiers:

     cce@rhel7: CCE-80543-2

+    cce@rhel8: CCE-86353-0

 references:

     disa: CCI-002165,CCI-002235

@@ -41,6 +42,7 @@ references:

     stigid@ol7: OL07-00-020020

     stigid@ol8: OL08-00-040400

     stigid@rhel7: RHEL-07-020020

+    stigid@rhel8: RHEL-08-040400

 ocil_clause: 'non-admin users are not confined correctly'

diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile

index d184957f28c..fe699f34beb 100644

--- a/products/rhel8/profiles/stig.profile

+++ b/products/rhel8/profiles/stig.profile

@@ -1207,5 +1207,8 @@ selections:

     # RHEL-08-040390

     - package_tuned_removed

+    # RHEL-08-040400

+    - selinux_user_login_roles

+

     # RHEL-08-010163

     - package_krb5-server_removed

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt

index d2fcd6421e1..9575ecac8c9 100644

--- a/shared/references/cce-redhat-avail.txt

+++ b/shared/references/cce-redhat-avail.txt

@@ -210,7 +210,6 @@ CCE-86343-1

 CCE-86347-2

 CCE-86351-4

 CCE-86352-2

-CCE-86353-0

 CCE-86355-5

 CCE-86357-1

 CCE-86358-9

diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile

index 51971451996..6ddf29e7bfe 100644

--- a/tests/data/profile_stability/rhel8/stig.profile

+++ b/tests/data/profile_stability/rhel8/stig.profile

@@ -343,6 +343,7 @@ selections:

 - security_patches_up_to_date

 - selinux_policytype

 - selinux_state

+- selinux_user_login_roles

 - service_auditd_enabled

 - service_autofs_disabled

 - service_debug-shell_disabled

diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile

index fd150744167..fb8f5602dac 100644

--- a/tests/data/profile_stability/rhel8/stig_gui.profile

+++ b/tests/data/profile_stability/rhel8/stig_gui.profile

@@ -353,6 +353,7 @@ selections:

 - security_patches_up_to_date

 - selinux_policytype

 - selinux_state

+- selinux_user_login_roles

 - service_auditd_enabled

 - service_autofs_disabled

 - service_debug-shell_disabled