rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   889f2b583f8e6c5f14571e0d693652afe8844c45
  2.   SOURCES
  3.   scap-security-guide-0.1.58-fix_STIG_references-PR_7371.patch
Blob Blame History Raw 
From 859684c560e948a439029b0d180fe23659d85141 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 10 Aug 2021 12:04:16 +0200
Subject: [PATCH] Remove inexistent and/or duplicated STIG references.

---
 .../package_xorg-x11-server-common_removed/rule.yml             | 1 -
 .../accounts_password_pam_unix_remember/rule.yml                | 1 -
 .../audit_rules_sysadmin_actions/rule.yml                       | 1 -
 .../file_ownership_var_log_audit/rule.yml                       | 1 -
 .../auditd_data_retention_space_left_action/rule.yml            | 2 +-
 .../harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml     | 1 -
 .../rule.yml                                                    | 2 +-
 .../crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml | 1 -
 8 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
index de8f0f6fd8..6e739d21a2 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
@@ -42,7 +42,6 @@ references:
     nist-csf: PR.AC-3,PR.PT-4
     srg: SRG-OS-000480-GPOS-00227
     stigid@rhel7: RHEL-07-040730
-    stigid@rhel8: RHEL-08-040320
 
 ocil_clause: 'the X Windows package group or xorg-x11-server-common has not be removed'
 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
index 9138681688..a2b66fc4d6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
@@ -50,7 +50,6 @@ references:
     srg: SRG-OS-000077-GPOS-00045
     stigid@ol7: OL07-00-010270
     stigid@rhel7: RHEL-07-010270
-    stigid@rhel8: RHEL-08-020220
     stigid@sle15: SLES-15-020250
     stigid@ubuntu2004: UBTU-20-010070
     vmmsrg: SRG-OS-000077-VMM-000440
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index 12bca676d8..b4291e168c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -50,7 +50,6 @@ references:
     srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221
     stigid@ol7: OL07-00-030700
     stigid@rhel7: RHEL-07-030700
-    stigid@rhel8: RHEL-08-030172
     stigid@sle15: SLES-15-030140
     vmmsrg: SRG-OS-000462-VMM-001840,SRG-OS-000471-VMM-001910
 
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
index 956beef52b..96bc0fa0b8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
@@ -35,7 +35,6 @@ references:
     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
     stigid@ol7: OL07-00-910055
     stigid@rhel7: RHEL-07-910055
-    stigid@rhel8: RHEL-08-030080
 
 ocil: |-
     {{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 6e30f1c4ac..7569a6776b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -53,7 +53,7 @@ references:
     srg: SRG-OS-000343-GPOS-00134
     stigid@ol7: OL07-00-030340
     stigid@rhel7: RHEL-07-030340
-    stigid@rhel8: RHEL-08-030730
+    stigid@rhel8: RHEL-08-030731
     stigid@ubuntu2004: UBTU-20-010217
     vmmsrg: SRG-OS-000343-VMM-001240
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
index 0aa310d924..682ca436b8 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
@@ -30,7 +30,6 @@ references:
     disa: CCI-001453
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
-    stigid@rhel8: RHEL-08-010291
 
 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
index b56f2421f2..e904bc848c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
@@ -30,7 +30,7 @@ references:
     disa: CCI-001453
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
-    stigid@rhel8: RHEL-08-010290
+    stigid@rhel8: RHEL-08-010291
 
 ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
index 1aeb987db2..d21f68ac17 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
@@ -28,7 +28,6 @@ references:
     disa: CCI-001453
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
-    stigid@rhel8: RHEL-08-010290
 
 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation