From fae75e8f00cf5de18c4c1813d94987e848f14233 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 24 Nov 2022 14:40:15 +0100
Subject: [PATCH] Map selinux_user_login_roles to RHEL-08-040400

This STIG ID is a new addition in DISA RHEL8 STIG V1R8
---
 .../guide/system/selinux/selinux_user_login_roles/rule.yml     | 2 ++
 products/rhel8/profiles/stig.profile                           | 3 +++
 shared/references/cce-redhat-avail.txt                         | 1 -
 tests/data/profile_stability/rhel8/stig.profile                | 1 +
 tests/data/profile_stability/rhel8/stig_gui.profile            | 1 +
 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
index 053d4341bbd..d4c211c1062 100644
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
@@ -34,6 +34,7 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-80543-2
+    cce@rhel8: CCE-86353-0
 
 references:
     disa: CCI-002165,CCI-002235
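Review bot: The added `cce@rhel8: CCE-86353-0` only takes effect if this rule is actually built for rhel8, and the top of rule.yml (everything above line 34) is outside the hunk. If the file carries a `prodtype:` line that lists only the older products, rhel8 should be added there too. Otherwise the `selinux_user_login_roles` selection added to `products/rhel8/profiles/stig.profile` in this patch may refer to a rule that is not part of the rhel8 benchmark.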
@@ -41,6 +42,7 @@ references:
     stigid@ol7: OL07-00-020020
     stigid@ol8: OL08-00-040400
     stigid@rhel7: RHEL-07-020020
+    stigid@rhel8: RHEL-08-040400
 
 ocil_clause: 'non-admin users are not confined correctly'
 
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index d184957f28c..fe699f34beb 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -1207,5 +1207,8 @@ selections:
     # RHEL-08-040390
     - package_tuned_removed
 
+    # RHEL-08-040400
+    - selinux_user_login_roles
+
     # RHEL-08-010163
     - package_krb5-server_removed
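Review bot: The selection under `# RHEL-08-040400` gives no indication of how the rule is evaluated, and the only check-related text visible in this patch is the rule's `ocil_clause`. If the rule has no OVAL check or remediation for rhel8 (not visible here, so this needs confirming), scans will report the item without an automated pass/fail result. SELinux user confinement would then still have to be verified by hand. In that case a short comment would help profile users, e.g. `# RHEL-08-040400 (manual check, no automated remediation)`. The `selections:` list continues beyond both ends of this hunk.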
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index d2fcd6421e1..9575ecac8c9 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -210,7 +210,6 @@ CCE-86343-1
 CCE-86347-2
 CCE-86351-4
 CCE-86352-2
-CCE-86353-0
 CCE-86355-5
 CCE-86357-1
 CCE-86358-9
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index 51971451996..6ddf29e7bfe 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -343,6 +343,7 @@ selections:
 - security_patches_up_to_date
 - selinux_policytype
 - selinux_state
+- selinux_user_login_roles
 - service_auditd_enabled
 - service_autofs_disabled
 - service_debug-shell_disabled
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index fd150744167..fb8f5602dac 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -353,6 +353,7 @@ selections:
 - security_patches_up_to_date
 - selinux_policytype
 - selinux_state
+- selinux_user_login_roles
 - service_auditd_enabled
 - service_autofs_disabled
 - service_debug-shell_disabled