From d0f70c7a7383dd41277599cb776e03534aa2137c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Wed, 30 Oct 2019 18:11:09 +0100
Subject: [PATCH 1/2] Remove audit_rules_for_ospp from RHEL 7 OSPP
The audit rule `-a always,exit -F dir=/var/log/audit/
-F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail`
is present in /usr/share/doc/audit-2.8.5/rules/30-ospp-v42.rules
(checked on audit-2.8.5-4.el7.x86_64). That means this audit rule
is already checked and remediated by rule `audit_rules_for_ospp`.
---
rhel7/profiles/ospp.profile | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
index e20c58875d..81762ad782 100644
--- a/rhel7/profiles/ospp.profile
+++ b/rhel7/profiles/ospp.profile
@@ -285,13 +285,11 @@ selections:
## AU-2(a) / FAU_GEN.1.1.c
## Audit Kernel Module Loading and Unloading Events (Success/Failure)
## AU-2(a) / FAU_GEN.1.1.c
- - audit_rules_for_ospp
-
## Audit All Audit and Log Data Accesses (Success/Failure)
## CNSSI 1253 Value or DoD-specific Values:
## - Audit and log data access (Success/Failure)
## AU-2(a) / FAU_GEN.1.1.c
- - directory_access_var_log_audit
+ - audit_rules_for_ospp
### SELinux Configuration
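Review bot: The subject line says audit_rules_for_ospp is removed, but the selection actually dropped in this hunk is `- directory_access_var_log_audit`; `- audit_rules_for_ospp` is only moved from under the kernel module heading to under the "Audit All Audit and Log Data Accesses" heading. Retitle the commit to name directory_access_var_log_audit so the history matches the change. Because the justification rests on the rule being present in 30-ospp-v42.rules as checked on audit-2.8.5-4.el7.x86_64, a short comment next to the remaining selection stating that it covers read access to /var/log/audit/ would keep that dependency visible to anyone editing the profile later.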
From 0b822d21cdee7c7da136337a45e9c7136b7d576e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Thu, 31 Oct 2019 15:23:01 +0100
Subject: [PATCH 2/2] Make comments the same
---
rhel7/profiles/ospp.profile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
index 81762ad782..a3168d51a7 100644
--- a/rhel7/profiles/ospp.profile
+++ b/rhel7/profiles/ospp.profile
@@ -278,6 +278,10 @@ selections:
## CNSSI 1253 Value or DoD-specific Values:
## - Privilege/Role escalation (Success/Failure)
## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit All Audit and Log Data Accesses (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Audit and log data access (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
## Audit Cryptographic Verification of Software (Success/Failure)
## CNSSI 1253 Value or DoD-specific Values:
## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
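Review bot: The commit has no body and the subject "Make comments the same" does not say what the comments are being made the same as, so the reason for inserting the "Audit All Audit and Log Data Accesses" block right after the Privilege/Role escalation block cannot be recovered from the patch. Name the reference whose heading order is being followed in the commit message.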
@@ -285,10 +289,6 @@ selections:
## AU-2(a) / FAU_GEN.1.1.c
## Audit Kernel Module Loading and Unloading Events (Success/Failure)
## AU-2(a) / FAU_GEN.1.1.c
- ## Audit All Audit and Log Data Accesses (Success/Failure)
- ## CNSSI 1253 Value or DoD-specific Values:
- ## - Audit and log data access (Success/Failure)
- ## AU-2(a) / FAU_GEN.1.1.c
- audit_rules_for_ospp
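Review bot: With the four comment lines removed here, `- audit_rules_for_ospp` sits directly under the "Audit Kernel Module Loading and Unloading Events" heading, while the log data access heading that patch 1/2 relied on when dropping directory_access_var_log_audit is now two blocks further up. A reader scanning the profile could conclude that audit and log data access has no selection. Consider one comment line above the selection stating that it covers all of the audit event headings stacked above it, including audit and log data access.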