Blob Blame History Raw
From 01397cbe2a62303ef001ab5e5821ffafd6929e41 Mon Sep 17 00:00:00 2001
From: Alex Haydock <alex@alexhaydock.co.uk>
Date: Fri, 6 Aug 2021 16:46:22 +0100
Subject: [PATCH] Update CCEs and identifiers on rules that make up RHEL 8 CIS
 4.1.15

---
 .../audit_rules_privileged_commands_insmod/rule.yml            | 2 ++
 .../audit_rules_privileged_commands_modprobe/rule.yml          | 2 ++
 .../audit_rules_privileged_commands_rmmod/rule.yml             | 2 ++
 shared/references/cce-redhat-avail.txt                         | 3 ---
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
index 5c3a99447c..a4ecb0d1e0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85851-4
+    cce@rhel8: CCE-85919-9
     cce@sle15: CCE-85744-1
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index 5e03dde851..f70c537064 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -32,10 +32,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85853-0
+    cce@rhel8: CCE-85973-6
     cce@sle15: CCE-85731-8
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
index 1535041672..113c8fc4bc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85852-2
+    cce@rhel8: CCE-86017-1
     cce@sle15: CCE-85732-6
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 001262c6ee..aaa631515b 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -49,7 +49,6 @@ CCE-85915-7
 CCE-85916-5
 CCE-85917-3
 CCE-85918-1
-CCE-85919-9
 CCE-85920-7
 CCE-85921-5
 CCE-85922-3
@@ -100,7 +99,6 @@ CCE-85968-6
 CCE-85969-4
 CCE-85970-2
 CCE-85972-8
-CCE-85973-6
 CCE-85974-4
 CCE-85975-1
 CCE-85976-9
@@ -143,7 +141,6 @@ CCE-86013-0
 CCE-86014-8
 CCE-86015-5
 CCE-86016-3
-CCE-86017-1
 CCE-86018-9
 CCE-86019-7
 CCE-86020-5