rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   b5e1786ee96edc3aeff458e09d74d706e7313aaa
  2.   SOURCES
  3.   scap-security-guide-0.1.55-OL7_DISA_STIG_v2r2_update-PR_6607.patch
Blob Blame History Raw 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 7da2e067a6..5d01170aab 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -33,6 +33,7 @@ references:
     cis@sle12: 5.2.4
     cis@sle15: 5.2.6
     stigid@rhel7: RHEL-07-040710
+    stigid@ol7: OL07-00-040710
     srg: SRG-OS-000480-GPOS-00227
     disa: CCI-000366
     nist: CM-6(b)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
index 87c3cb7f5a..5683676bfc 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
@@ -23,7 +23,6 @@ identifiers:
     cce@sle12: CCE-83017-4
 
 references:
-    stigid@ol7: OL07-00-040710
     cui: 3.1.13
     disa: CCI-000366
     nist: CM-6(a),AC-17(a),AC-17(2)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
index 50c7d689af..42cb32e30e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,rhel7,rhel8,wrlinux1019,wrlinux8
+prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8
 
 title: 'Use Only FIPS 140-2 Validated Ciphers'
 
@@ -51,7 +51,6 @@ identifiers:
     cce@rhel8: CCE-81032-5
 
 references:
-    stigid@ol7: OL07-00-040110
     cis: 5.2.10
     cjis: 5.5.6
     cui: 3.1.13,3.13.11,3.13.8
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
index 0751064179..73de17af35 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7
+prodtype: ol7,rhel7
 
 title: 'Use Only FIPS 140-2 Validated Ciphers'
 
@@ -32,6 +32,7 @@ references:
     disa: CCI-000068,CCI-000366,CCI-000803,CCI-000877,CCI-002890,CCI-003123
     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
     stigid@rhel7: RHEL-07-040110
+    stigid@ol7: OL07-00-040110
 
 ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
index c490756daf..13997f9418 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,rhel7,rhel8,sle12,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019
 
 title: 'Use Only FIPS 140-2 Validated MACs'
 
@@ -46,7 +46,6 @@ identifiers:
     cce@sle12: CCE-83036-4
 
 references:
-    stigid@ol7: OL07-00-040400
     cis: 5.2.12
     cui: 3.1.13,3.13.11,3.13.8
     disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
index 88d2d77e14..bd597f0860 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7
+prodtype: ol7,rhel7
 
 title: 'Use Only FIPS 140-2 Validated MACs'
 
@@ -25,6 +25,7 @@ references:
     disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
     stigid@rhel7: RHEL-07-040400
+    stigid@ol7: OL07-00-040400
 
 ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
index 7267d2443a..b0fe065d86 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
@@ -26,6 +26,7 @@ identifiers:
 references:
     srg: SRG-OS-000480-GPOS-00227
     stig@rhel7: RHEL-07-040711
+    stig@ol7: OL07-00-040711
     disa: CCI-000366
     nist: CM-6(b)
 
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 820a942220..dfcbbafd17 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -36,4 +36,4 @@ ocil_clause: 'the group ownership is incorrect'
 ocil: |-
     To verify the assigned home directory of all interactive users is group-
     owned by that users primary GID, run the following command:
-    <pre>$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)</pre>
+    <pre># ls -ld $(awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $6}' /etc/passwd)</pre>
diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
index 7d5778d4f6..37cb36cda3 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
@@ -30,4 +30,4 @@ ocil_clause: 'the user ownership is incorrect'
 
 ocil: |-
     To verify the home directory ownership, run the following command:
-    <pre>$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)</pre>
+    <pre># ls -ld $(awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $6}' /etc/passwd)</pre>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation