From 994b50e9a47e222c2a27fde231cbf3e2f6f77aed Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Fri, 6 Aug 2021 15:26:28 -0500
Subject: [PATCH] Select sysctl_net_core_bpf_jit_harden for RHEL-08-040286
---
 .../restrictions/sysctl_net_core_bpf_jit_harden/rule.yml | 3 +++
 products/rhel8/profiles/stig.profile | 3 +++
 tests/data/profile_stability/rhel8/stig.profile | 1 +
 tests/data/profile_stability/rhel8/stig_gui.profile | 1 +
 4 files changed, 8 insertions(+)
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index 9a1096cc72..31b7183b87 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -19,8 +19,11 @@ identifiers:
 cce@rhel9: CCE-83966-2
 references:
+ disa: CCI-000366
+ nist: CM-6b
 ospp: FMT_SMF_EXT.1
 srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel8: RHEL-08-040286
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 0a1fdd15ca..a358f61dba 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -1149,6 +1149,9 @@ selections:
 # RHEL-08-040285
 - sysctl_net_ipv4_conf_all_rp_filter
+ # RHEL-08-040286
+ - sysctl_net_core_bpf_jit_harden
+
 # RHEL-08-040290
 # /etc/postfix/main.cf does not exist on default installation resulting in error during remediation
 # there needs to be a new platform check to identify when postfix is installed or not
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index d7e2f71376..7d54a7505f 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
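Review bot: In the rule.yml hunk, the added `nist: CM-6b` uses the spelling from the STIG's CCI mapping. If the other rules in this tree write control parts in parentheses, it should read `nist: CM-6(b)` so that reference lookups and generated tables treat it the same way as the rest. The `identifiers:` block starts above the hunk and only `cce@rhel9` is visible, so it is worth confirming that a `cce@rhel8` entry exists now that the RHEL 8 STIG profile selects this rule.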
@@ -359,6 +359,7 @@ selections:
 - sysctl_kernel_randomize_va_space
 - sysctl_kernel_unprivileged_bpf_disabled
 - sysctl_kernel_yama_ptrace_scope
+- sysctl_net_core_bpf_jit_harden
 - sysctl_net_ipv4_conf_all_accept_redirects
 - sysctl_net_ipv4_conf_all_accept_source_route
 - sysctl_net_ipv4_conf_all_rp_filter
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index 7c95e31545..97291230e7 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -370,6 +370,7 @@ selections:
 - sysctl_kernel_randomize_va_space
 - sysctl_kernel_unprivileged_bpf_disabled
 - sysctl_kernel_yama_ptrace_scope
+- sysctl_net_core_bpf_jit_harden
 - sysctl_net_ipv4_conf_all_accept_redirects
 - sysctl_net_ipv4_conf_all_accept_source_route
 - sysctl_net_ipv4_conf_all_rp_filter