diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml index a0b3efcbf79..1bc7afbb224 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030540 stigid@rhel7: RHEL-07-030420 - stigid@rhel8: RHEL-08-030540 + stigid@rhel8: RHEL-08-030490 stigid@sle12: SLES-12-020470 stigid@sle15: SLES-15-030300 stigid@ubuntu2004: UBTU-20-010153 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml index 83dd57f2b6d..dc8211684f2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030530 stigid@rhel7: RHEL-07-030430 - stigid@rhel8: RHEL-08-030530 + stigid@rhel8: RHEL-08-030490 stigid@sle12: SLES-12-020480 stigid@sle15: SLES-15-030310 stigid@ubuntu2004: UBTU-20-010154 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml index 1b78aab4a1a..07592bb2fd9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030520 stigid@rhel7: RHEL-07-030380 - stigid@rhel8: RHEL-08-030520 + stigid@rhel8: RHEL-08-030480 stigid@sle12: SLES-12-020430 stigid@sle15: SLES-15-030260 stigid@ubuntu2004: UBTU-20-010149 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml index 360c60de06d..084970765b2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030510 stigid@rhel7: RHEL-07-030400 - stigid@rhel8: RHEL-08-030510 + stigid@rhel8: RHEL-08-030480 stigid@sle12: SLES-12-020450 stigid@sle15: SLES-15-030280 stigid@ubuntu2004: UBTU-20-010150 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index 19bf8a5b981..5695440ad7d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -75,7 +75,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030240 stigid@rhel7: RHEL-07-030480 - stigid@rhel8: RHEL-08-030240 + stigid@rhel8: RHEL-08-030200 stigid@sle12: SLES-12-020410 stigid@sle15: SLES-15-030210 stigid@ubuntu2004: UBTU-20-010147 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index 40cd114042e..ab536a8ae0a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -70,7 +70,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030230 stigid@rhel7: RHEL-07-030450 - stigid@rhel8: RHEL-08-030230 + stigid@rhel8: RHEL-08-030200 stigid@sle12: SLES-12-020380 stigid@sle15: SLES-15-030230 stigid@ubuntu2004: UBTU-20-010144 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml index 81dddd9fb71..d1f4ee35ccb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030500 stigid@rhel7: RHEL-07-030390 - stigid@rhel8: RHEL-08-030500 + stigid@rhel8: RHEL-08-030480 stigid@sle12: SLES-12-020440 stigid@sle15: SLES-15-030270 stigid@ubuntu2004: UBTU-20-010151 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index fa15012b05f..a2425e373bc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -69,7 +69,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030220 stigid@rhel7: RHEL-07-030460 - stigid@rhel8: RHEL-08-030220 + stigid@rhel8: RHEL-08-030200 stigid@sle15: SLES-15-030240 stigid@ubuntu2004: UBTU-20-010143 vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index 6d15eecee2c..0be27fbe860 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -74,7 +74,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030210 stigid@rhel7: RHEL-07-030470 - stigid@rhel8: RHEL-08-030210 + stigid@rhel8: RHEL-08-030200 stigid@sle12: SLES-12-020390 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010145 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 6f7cea26e16..5dc13a0a43a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -70,7 +70,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030270 stigid@rhel7: RHEL-07-030440 - stigid@rhel8: RHEL-08-030270 + stigid@rhel8: RHEL-08-030200 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030220 stigid@ubuntu2004: UBTU-20-010142 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml index 718dcb8a9d9..120d6fa84d3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030362 stigid@rhel7: RHEL-07-030890 - stigid@rhel8: RHEL-08-030362 + stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010270 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml index 643f075f46a..4caa7c66986 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030363 stigid@rhel7: RHEL-07-030900 - stigid@rhel8: RHEL-08-030363 + stigid@rhel8: RHEL-08-030361 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml index 9cf3c4668bc..8fea9dc4582 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030364 stigid@rhel7: RHEL-07-030910 - stigid@rhel8: RHEL-08-030364 + stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml index d0ebbdbd723..bee18e99b52 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030365 stigid@rhel7: RHEL-07-030920 - stigid@rhel8: RHEL-08-030365 + stigid@rhel8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010268 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml index 373b12525e1..736c6643b57 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml @@ -63,7 +63,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030470 stigid@rhel7: RHEL-07-030500 - stigid@rhel8: RHEL-08-030470 + stigid@rhel8: RHEL-08-030420 stigid@sle12: SLES-12-020520 stigid@sle15: SLES-15-030160 stigid@ubuntu2004: UBTU-20-010158 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml index 2b2d82a736b..6b4176d53e3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030460 stigid@rhel7: RHEL-07-030550 - stigid@rhel8: RHEL-08-030460 + stigid@rhel8: RHEL-08-030420 stigid@sle12: SLES-12-020510 stigid@sle15: SLES-15-030320 stigid@ubuntu2004: UBTU-20-010157 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml index dcb3d0f0525..90d45b6787e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030440 stigid@rhel7: RHEL-07-030510 - stigid@rhel8: RHEL-08-030440 + stigid@rhel8: RHEL-08-030420 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010155 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml index e68d892bb90..6df936e489c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030450 stigid@rhel7: RHEL-07-030530 - stigid@rhel8: RHEL-08-030450 + stigid@rhel8: RHEL-08-030420 stigid@sle12: SLES-12-020540 stigid@sle15: SLES-15-030180 stigid@ubuntu2004: UBTU-20-010160 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml index cd6bd545e71..1b6ae818e48 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030430 stigid@rhel7: RHEL-07-030520 - stigid@rhel8: RHEL-08-030430 + stigid@rhel8: RHEL-08-030420 stigid@sle12: SLES-12-020530 stigid@sle15: SLES-15-030170 stigid@ubuntu2004: UBTU-20-010159 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml index 50e5b4e4f02..2f1c6d0bf22 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-030820 stigid@ol8: OL08-00-030380 stigid@rhel7: RHEL-07-030821 - stigid@rhel8: RHEL-08-030380 + stigid@rhel8: RHEL-08-030360 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010180 diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile index ffca983d0bd..d92bc72971c 100644 --- a/products/rhel8/profiles/stig.profile +++ b/products/rhel8/profiles/stig.profile @@ -560,6 +560,8 @@ selections: # RHEL-08-020220 - accounts_password_pam_pwhistory_remember_system_auth + + # RHEL-08-020221 - accounts_password_pam_pwhistory_remember_password_auth # RHEL-08-020230 @@ -712,18 +714,11 @@ selections: # RHEL-08-030200 - audit_rules_dac_modification_lremovexattr - - # RHEL-08-030210 - audit_rules_dac_modification_removexattr - - # RHEL-08-030220 - audit_rules_dac_modification_lsetxattr - - # RHEL-08-030230 - audit_rules_dac_modification_fsetxattr - - # RHEL-08-030240 - audit_rules_dac_modification_fremovexattr + - audit_rules_dac_modification_setxattr # RHEL-08-030250 - audit_rules_privileged_commands_chage @@ -731,8 +726,6 @@ selections: # RHEL-08-030260 - audit_rules_execution_chcon - # RHEL-08-030270 - - audit_rules_dac_modification_setxattr # RHEL-08-030280 - audit_rules_privileged_commands_ssh_agent @@ -787,28 +780,18 @@ selections: # RHEL-08-030360 - audit_rules_kernel_module_loading_init + - audit_rules_kernel_module_loading_finit # RHEL-08-030361 - audit_rules_file_deletion_events_rename - - # RHEL-08-030362 - audit_rules_file_deletion_events_renameat - - # RHEL-08-030363 - audit_rules_file_deletion_events_rmdir - - # RHEL-08-030364 - audit_rules_file_deletion_events_unlink - - # RHEL-08-030365 - audit_rules_file_deletion_events_unlinkat # RHEL-08-030370 - audit_rules_privileged_commands_gpasswd - # RHEL-08-030380 - - audit_rules_kernel_module_loading_finit - # RHEL-08-030390 - audit_rules_kernel_module_loading_delete @@ -820,41 +803,21 @@ selections: # RHEL-08-030420 - audit_rules_unsuccessful_file_modification_truncate - - # RHEL-08-030430 - audit_rules_unsuccessful_file_modification_openat - - # RHEL-08-030440 - audit_rules_unsuccessful_file_modification_open - - # RHEL-08-030450 - audit_rules_unsuccessful_file_modification_open_by_handle_at - - # RHEL-08-030460 - audit_rules_unsuccessful_file_modification_ftruncate - - # RHEL-08-030470 - audit_rules_unsuccessful_file_modification_creat # RHEL-08-030480 - audit_rules_dac_modification_chown - - # RHEL-08-030490 - - audit_rules_dac_modification_chmod - - # RHEL-08-030500 - audit_rules_dac_modification_lchown - - # RHEL-08-030510 - audit_rules_dac_modification_fchownat - - # RHEL-08-030520 - audit_rules_dac_modification_fchown - # RHEL-08-030530 + # RHEL-08-030490 + - audit_rules_dac_modification_chmod - audit_rules_dac_modification_fchmodat - - # RHEL-08-030540 - audit_rules_dac_modification_fchmod # RHEL-08-030550 diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile index eb2cac913bd..42c6d0e9aca 100644 --- a/products/rhel9/profiles/stig.profile +++ b/products/rhel9/profiles/stig.profile @@ -561,6 +561,8 @@ selections: # RHEL-08-020220 - accounts_password_pam_pwhistory_remember_system_auth + + # RHEL-08-020221 - accounts_password_pam_pwhistory_remember_password_auth # RHEL-08-020230 @@ -713,18 +715,11 @@ selections: # RHEL-08-030200 - audit_rules_dac_modification_lremovexattr - - # RHEL-08-030210 - audit_rules_dac_modification_removexattr - - # RHEL-08-030220 - audit_rules_dac_modification_lsetxattr - - # RHEL-08-030230 - audit_rules_dac_modification_fsetxattr - - # RHEL-08-030240 - audit_rules_dac_modification_fremovexattr + - audit_rules_dac_modification_setxattr # RHEL-08-030250 - audit_rules_privileged_commands_chage @@ -732,9 +727,6 @@ selections: # RHEL-08-030260 - audit_rules_execution_chcon - # RHEL-08-030270 - - audit_rules_dac_modification_setxattr - # RHEL-08-030280 - audit_rules_privileged_commands_ssh_agent @@ -788,28 +780,18 @@ selections: # RHEL-08-030360 - audit_rules_kernel_module_loading_init + - audit_rules_kernel_module_loading_finit # RHEL-08-030361 - audit_rules_file_deletion_events_rename - - # RHEL-08-030362 - audit_rules_file_deletion_events_renameat - - # RHEL-08-030363 - audit_rules_file_deletion_events_rmdir - - # RHEL-08-030364 - audit_rules_file_deletion_events_unlink - - # RHEL-08-030365 - audit_rules_file_deletion_events_unlinkat # RHEL-08-030370 - audit_rules_privileged_commands_gpasswd - # RHEL-08-030380 - - audit_rules_kernel_module_loading_finit - # RHEL-08-030390 - audit_rules_kernel_module_loading_delete @@ -821,41 +803,21 @@ selections: # RHEL-08-030420 - audit_rules_unsuccessful_file_modification_truncate - - # RHEL-08-030430 - audit_rules_unsuccessful_file_modification_openat - - # RHEL-08-030440 - audit_rules_unsuccessful_file_modification_open - - # RHEL-08-030450 - audit_rules_unsuccessful_file_modification_open_by_handle_at - - # RHEL-08-030460 - audit_rules_unsuccessful_file_modification_ftruncate - - # RHEL-08-030470 - audit_rules_unsuccessful_file_modification_creat # RHEL-08-030480 - audit_rules_dac_modification_chown - - # RHEL-08-030490 - - audit_rules_dac_modification_chmod - - # RHEL-08-030500 - audit_rules_dac_modification_lchown - - # RHEL-08-030510 - audit_rules_dac_modification_fchownat - - # RHEL-08-030520 - audit_rules_dac_modification_fchown - # RHEL-08-030530 + # RHEL-08-030490 + - audit_rules_dac_modification_chmod - audit_rules_dac_modification_fchmodat - - # RHEL-08-030540 - audit_rules_dac_modification_fchmod # RHEL-08-030550