From 3d24d93e200f53f3845fffbc8764b8e48517c7b2 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Wed, 4 Aug 2021 16:57:50 +0200
Subject: [PATCH] Assign RHEL-08-020240 to account_unique_id and add test
 scenarios.

---
 .../accounts-restrictions/account_unique_id/oval/shared.xml  | 2 +-
 .../accounts-restrictions/account_unique_id/rule.yml         | 4 +++-
 .../account_unique_id/tests/correct_value.pass.sh            | 2 ++
 .../account_unique_id/tests/wrong_value.fail.sh              | 5 +++++
 products/rhel8/profiles/stig.profile                         | 1 +
 shared/references/cce-redhat-avail.txt                       | 1 -
 tests/data/profile_stability/rhel8/stig.profile              | 1 +
 tests/data/profile_stability/rhel8/stig_gui.profile          | 1 +
 8 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/correct_value.pass.sh
 create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/wrong_value.fail.sh

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/oval/shared.xml
index be45c518115..491ad4587ee 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/oval/shared.xml
@@ -7,7 +7,7 @@
 
   </definition>
 
-  <!-- collect informatino about all users -->
+  <!-- collect information about all users -->
   <unix:password_object id="obj_all_uids" version="1">
     <unix:username operation="pattern match">.*</unix:username>
   </unix:password_object>
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index 731632f7f5a..e55901dbdc5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -12,6 +12,7 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85857-1
+    cce@rhel8: CCE-89903-9
     cce@sle12: CCE-83196-6
     cce@sle15: CCE-83277-4
 
@@ -19,7 +20,8 @@ references:
     cis@rhel7: 6.2.7
     disa: CCI-000764,CCI-000804
     nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1
-    srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062
+    srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020
+    stigid@rhel8: RHEL-08-020240
     stigid@sle12: SLES-12-010640
     stigid@sle15: SLES-15-010230
 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/correct_value.pass.sh
new file mode 100644
index 00000000000..645c46eb847
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/correct_value.pass.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+# remediation = none
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/wrong_value.fail.sh
new file mode 100644
index 00000000000..cc7f2215041
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/tests/wrong_value.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# remediation = none
+
+echo "test_user:x:30090:30090:Test User:/home/test_user:/usr/bin/bash" >> /etc/passwd
+echo "test_user_2:x:30090:30090:Test User 2:/home/test_user_2:/usr/bin/bash" >> /etc/passwd
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index ec0a3b17537..bdddfef846f 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -552,6 +552,7 @@ selections:
     - accounts_password_minlen_login_defs
 
     # RHEL-08-020240
+    - account_unique_id
 
     # RHEL-08-020250
     - sssd_enable_smartcards
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 61384c108a0..1d54e8ec15f 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -3969,7 +3969,6 @@ CCE-89899-9
 CCE-89900-5
 CCE-89901-3
 CCE-89902-1
-CCE-89903-9
 CCE-89904-7
 CCE-89905-4
 CCE-89906-2
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index bffa509b698..71dd6330a16 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -26,6 +26,7 @@ selections:
 - account_disable_post_pw_expiration
 - account_emergency_expire_date
 - account_temp_expire_date
+- account_unique_id
 - accounts_have_homedir_login_defs
 - accounts_logon_fail_delay
 - accounts_max_concurrent_login_sessions
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index c84ac75c7bf..3e788b27bac 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -37,6 +37,7 @@ selections:
 - account_disable_post_pw_expiration
 - account_emergency_expire_date
 - account_temp_expire_date
+- account_unique_id
 - accounts_have_homedir_login_defs
 - accounts_logon_fail_delay
 - accounts_max_concurrent_login_sessions