From 01397cbe2a62303ef001ab5e5821ffafd6929e41 Mon Sep 17 00:00:00 2001
From: Alex Haydock <alex@alexhaydock.co.uk>
Date: Fri, 6 Aug 2021 16:46:22 +0100
Subject: [PATCH] Update CCEs and identifiers on rules that make up RHEL 8 CIS
4.1.15
---
.../audit_rules_privileged_commands_insmod/rule.yml | 2 ++
.../audit_rules_privileged_commands_modprobe/rule.yml | 2 ++
.../audit_rules_privileged_commands_rmmod/rule.yml | 2 ++
shared/references/cce-redhat-avail.txt | 3 ---
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
index 5c3a99447c..a4ecb0d1e0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
identifiers:
cce@rhel7: CCE-85851-4
+ cce@rhel8: CCE-85919-9
cce@sle15: CCE-85744-1
references:
cis@rhel7: 4.1.16
+ cis@rhel8: 4.1.15
cis@ubuntu2004: 4.1.16
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index 5e03dde851..f70c537064 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -32,10 +32,12 @@ severity: medium
identifiers:
cce@rhel7: CCE-85853-0
+ cce@rhel8: CCE-85973-6
cce@sle15: CCE-85731-8
references:
cis@rhel7: 4.1.16
+ cis@rhel8: 4.1.15
cis@ubuntu2004: 4.1.16
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
index 1535041672..113c8fc4bc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
identifiers:
cce@rhel7: CCE-85852-2
+ cce@rhel8: CCE-86017-1
cce@sle15: CCE-85732-6
references:
cis@rhel7: 4.1.16
+ cis@rhel8: 4.1.15
cis@ubuntu2004: 4.1.16
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 001262c6ee..aaa631515b 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -49,7 +49,6 @@ CCE-85915-7
CCE-85916-5
CCE-85917-3
CCE-85918-1
-CCE-85919-9
CCE-85920-7
CCE-85921-5
CCE-85922-3
@@ -100,7 +99,6 @@ CCE-85968-6
CCE-85969-4
CCE-85970-2
CCE-85972-8
-CCE-85973-6
CCE-85974-4
CCE-85975-1
CCE-85976-9
@@ -143,7 +141,6 @@ CCE-86013-0
CCE-86014-8
CCE-86015-5
CCE-86016-3
-CCE-86017-1
CCE-86018-9
CCE-86019-7
CCE-86020-5