From 7dc066ba15b4afa2eb5b55dfa468e6c506904b9c Mon Sep 17 00:00:00 2001
From: Milan Lysonek <mlysonek@redhat.com>
Date: Mon, 23 Mar 2020 13:17:41 +0100
Subject: [PATCH 1/2] Add missing CCEs for rules from CIS profile in RHEL7.
---
.../system/accounts/accounts-banners/banner_etc_motd/rule.yml | 3 +++
.../network-uncommon/kernel_module_tipc_disabled/rule.yml | 1 +
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index bcd5593d6b..4345173e72 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -48,6 +48,9 @@ rationale: |-
severity: medium
+identifiers:
+ cce@rhel7: 83394-7
+
ocil_clause: 'it does not display the required banner'
ocil: |-
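Review bot: The diffstat above this hunk counts 3 files and 2 deletions, but the patch carries only two file sections and no removed line, so one file's change appears to have been dropped after the patch was generated; the second patch has the same gap (7 files and 6 deletions counted, six sections and no removals present). If the missing section is where the project records which CCE numbers are still unassigned, applying this patch alone would leave `83394-7` and `83395-4` looking free there, and a later assignment of the same number to another rule would mis-map scan findings. I would either restore that section or state in the description that it was removed on purpose. The `ocil: |-` scalar that closes this hunk continues outside it.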
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
index ec4ee3d5a1..71aa0dcd2d 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -23,6 +23,7 @@ severity: medium
identifiers:
cce@rhel6: 26696-5
+ cce@rhel7: 83395-4
cce@rhel8: 82297-3
cce@ocp4: 82520-8
From d757e03b3af18b416a3f11e43b0a721f0c5bc134 Mon Sep 17 00:00:00 2001
From: Milan Lysonek <mlysonek@redhat.com>
Date: Mon, 23 Mar 2020 13:24:57 +0100
Subject: [PATCH 2/2] Add missing CCEs for rules from CIS profile in RHEL8.
---
.../ssh/ssh_server/sshd_set_max_auth_tries/rule.yml | 1 +
.../accounts/accounts-banners/banner_etc_motd/rule.yml | 1 +
.../wireless_software/wireless_disable_interfaces/rule.yml | 1 +
.../files/file_permissions_ungroupowned/rule.yml | 1 +
.../permissions/files/no_files_unowned_by_user/rule.yml | 1 +
.../mounting/kernel_module_squashfs_disabled/rule.yml | 1 +
7 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
index 1661b78773..7b5750ee0d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
@@ -16,6 +16,7 @@ severity: medium
identifiers:
cce@rhel7: 82354-2
+ cce@rhel8: 83500-9
references:
cis@debian8: 9.3.5
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index 4345173e72..8e872c0944 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -50,6 +50,7 @@ severity: medium
identifiers:
cce@rhel7: 83394-7
+ cce@rhel8: 83496-0
ocil_clause: 'it does not display the required banner'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 3b16dbf456..76d94fe8f1 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -26,6 +26,7 @@ severity: medium
identifiers:
cce@rhel6: 27057-9
cce@rhel7: 27358-1
+ cce@rhel8: 83501-7
cce@ocp4: 82660-2
references:
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 2fe8c27da3..6ee1e123cb 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -24,6 +24,7 @@ severity: medium
identifiers:
cce@rhel6: 26872-2
cce@rhel7: 80135-7
+ cce@rhel8: 83497-8
references:
disa@rhel6: '224'
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index a8bf12ff81..70515fd9a6 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -24,6 +24,7 @@ severity: medium
identifiers:
cce@rhel6: 27032-2
cce@rhel7: 80134-0
+ cce@rhel8: 83499-4
references:
disa@rhel6: '224'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index 5eae44757d..94898a2a4f 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -22,6 +22,7 @@ severity: low
identifiers:
cce@rhel6: 26404-4
cce@rhel7: 80142-3
+ cce@rhel8: 83498-6
cce@ocp4: 82717-0
references: