commit 724676573314ec7537015db800ea9edc08bdeafe Author: Gabriel Becker Date: Fri Apr 5 14:49:41 2019 +0200 Mark rules that are not applicable in containers. Backport of 8a858d0c and 313b634c. diff --git a/linux_os/guide/services/base/service_irqbalance_enabled.rule b/linux_os/guide/services/base/service_irqbalance_enabled.rule index a94a60d..d74e543 100644 --- a/linux_os/guide/services/base/service_irqbalance_enabled.rule +++ b/linux_os/guide/services/base/service_irqbalance_enabled.rule @@ -24,3 +24,5 @@ references: nist: CM-7 ocil: '{{{ ocil_service_disabled(service="irqbalance") }}}' + +platform: machine diff --git a/linux_os/guide/services/cron_and_at/group.yml b/linux_os/guide/services/cron_and_at/group.yml index 30f07e0..745ed46 100644 --- a/linux_os/guide/services/cron_and_at/group.yml +++ b/linux_os/guide/services/cron_and_at/group.yml @@ -8,3 +8,5 @@ description: |- all systems to perform necessary maintenance tasks, while at may or may not be required on a given system. Both daemons should be configured defensively. + +platform: machine diff --git a/linux_os/guide/services/docker/docker_storage_configured.rule b/linux_os/guide/services/docker/docker_storage_configured.rule index c675292..a1c90e6 100644 --- a/linux_os/guide/services/docker/docker_storage_configured.rule +++ b/linux_os/guide/services/docker/docker_storage_configured.rule @@ -20,3 +20,5 @@ severity: low identifiers: cce@rhel7: 80441-9 + +platform: machine diff --git a/linux_os/guide/services/docker/service_docker_enabled.rule b/linux_os/guide/services/docker/service_docker_enabled.rule index 6cd9df4..309771b 100644 --- a/linux_os/guide/services/docker/service_docker_enabled.rule +++ b/linux_os/guide/services/docker/service_docker_enabled.rule @@ -20,3 +20,5 @@ identifiers: cce@rhel7: 80440-1 ocil: '{{{ ocil_service_enabled(service="docker") }}}' + +platform: machine diff --git a/linux_os/guide/services/mail/group.yml b/linux_os/guide/services/mail/group.yml index 97ddf50..13f9730 100644 --- a/linux_os/guide/services/mail/group.yml +++ b/linux_os/guide/services/mail/group.yml @@ -23,3 +23,5 @@ description: |- Postfix was coded with security in mind and can also be more effectively contained by SELinux as its modular design has resulted in separate processes performing specific actions. More information is available on its website, {{{ weblink(link="http://www.postfix.org") }}}. + +platform: machine diff --git a/linux_os/guide/services/ntp/group.yml b/linux_os/guide/services/ntp/group.yml index c85ac8c..737b7f4 100644 --- a/linux_os/guide/services/ntp/group.yml +++ b/linux_os/guide/services/ntp/group.yml @@ -55,3 +55,5 @@ description: |- The upstream manual pages at {{{ weblink(link="http://chrony.tuxfamily.org/manual.html") }}} for chronyd and {{{ weblink(link="http://www.ntp.org") }}} for ntpd provide additional information on the capabilities and configuration of each of the NTP daemons. + +platform: machine diff --git a/linux_os/guide/services/ssh/group.yml b/linux_os/guide/services/ssh/group.yml index 8919c8c..feb65ee 100644 --- a/linux_os/guide/services/ssh/group.yml +++ b/linux_os/guide/services/ssh/group.yml @@ -12,3 +12,5 @@ description: |- {{{ weblink(link="http://www.openssh.org") }}}. Its server program is called sshd and provided by the RPM package openssh-server. + +platform: machine diff --git a/linux_os/guide/services/sssd/group.yml b/linux_os/guide/services/sssd/group.yml index 49bfab9..ce74b3a 100644 --- a/linux_os/guide/services/sssd/group.yml +++ b/linux_os/guide/services/sssd/group.yml @@ -17,3 +17,5 @@ description: |- {{%- elif product == "rhel6" -%}} {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html") }}} {{%- endif %}} + +platform: machine diff --git a/linux_os/guide/services/sssd/sssd-ldap/group.yml b/linux_os/guide/services/sssd/sssd-ldap/group.yml index a7c4c7d..0428dd1 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/group.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/group.yml @@ -13,3 +13,5 @@ description: |-

SSSD can support many backends including LDAP. The sssd-ldap backend allows SSSD to fetch identity information from an LDAP server. + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule index beb9a4d..52e6a26 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule @@ -82,3 +82,5 @@ warnings: key sequence if running in runlevel 6 (e.g. in GNOME, KDE, etc.)! The Ctrl-Alt-Del key sequence will only be disabled if running in the non-graphical runlevel 3. + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule index 165bf92..d8d9116 100644 --- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule +++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule @@ -36,3 +36,5 @@ ocil: |- systemd.confirm_spawn=(1|yes|true|on) in the kernel boot arguments. Presence of a systemd.confirm_spawn=(1|yes|true|on) indicates that interactive boot is enabled at boot time. + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule index 3d752e2..12d547d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule @@ -66,3 +66,5 @@ ocil: |- ExecStart and /sbin/sulogin: 
ExecStart=-/sbin/sulogin
{{% endif %}} + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule index 56c2464..d721694 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule @@ -41,3 +41,5 @@ references: ocil_clause: 'the package is not installed' ocil: '{{{ ocil_package(package="screen") }}}' + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule index 815097b..5c58455 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule @@ -37,3 +37,5 @@ ocil: |- To verify the operating system has the packages required for multifactor authentication installed, run the following command: 
$ sudo yum list installed esc pam_pkcs11 authconfig-gtk
+ +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule index 5b01b62..e4c0870 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule @@ -41,3 +41,5 @@ references: ocil_clause: 'non-exempt accounts are not using CAC authentication' ocil: "Interview the SA to determine if all accounts not exempted by policy are\nusing CAC authentication.\nFor DoD systems, the following systems and accounts are exempt from using\nsmart card (CAC) authentication:\n" + +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule index 9af1126..c68db6d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule @@ -42,3 +42,5 @@ ocil: |- 
cert_policy = ca, ocsp_on, signature;
     cert_policy = ca, ocsp_on, signature;
     cert_policy = ca, ocsp_on, signature;
+ +platform: machine diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule index a2be942..184571c 100644 --- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule +++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule @@ -31,3 +31,5 @@ references: ospp@rhel7: FIA_AFL.1 ocil: '{{{ ocil_service_disabled(service="debug-shell") }}}' + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule index f1cd259..98fb3f8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule @@ -57,3 +57,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule index bc765d3..77be3c4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule index 62f9d31..e530ea9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule index 6a3db98..2410fc9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule index b4ffe52..4f0c7e7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule index 5a3435d..12d51f8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule index ad029f1..b0ff227 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule @@ -61,3 +61,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule index e9cd1f9..4e19015 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule index 5cfd606..39fb8bd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule index 72311d8..52d0c85 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule @@ -61,3 +61,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule index f84b153..f7ffae4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule index 6bd3dfc..3ff38cf 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule @@ -60,3 +60,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule index eaec4c5..da633bd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule @@ -55,3 +55,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml index 0de3ac0..0be694d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml @@ -19,3 +19,5 @@ description: |- 
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
         -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
         -a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
+ +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule index 8e40014..f2c7891 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule @@ -47,3 +47,5 @@ ocil: |- 
$ sudo grep "path=/usr/bin/chcon" /etc/audit/audit.rules /etc/audit/rules.d/*
The output should return something similar to: 
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
+ +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule index 2a97b84..ea42555 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule @@ -46,3 +46,5 @@ ocil: |- 
$ sudo grep "path=/usr/sbin/restorecon" /etc/audit/audit.rules /etc/audit/rules.d/*
The output should return something similar to: 
-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
+ +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule index c2aedce..dd62afa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule @@ -47,3 +47,5 @@ ocil: |- 
$ sudo grep "path=/usr/sbin/semanage" /etc/audit/audit.rules /etc/audit/rules.d/*
The output should return something similar to: 
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
+ +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule index 247453e..2804b8d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule @@ -47,3 +47,5 @@ ocil: |- 
$ sudo grep "path=/usr/sbin/setsebool" /etc/audit/audit.rules /etc/audit/rules.d/*
The output should return something similar to: 
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
+ +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule index 346cd5a..d110f8a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule @@ -65,3 +65,5 @@ warnings:
  • audit_rules_file_deletion_events_unlink
  • audit_rules_file_deletion_events_unlinkat
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule index e9948eb..51b1d54 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule @@ -40,3 +40,5 @@ references: stigid@rhel7: "030880" {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule index 82c93a2..96133fc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule @@ -40,3 +40,5 @@ references: stigid@rhel7: "030890" {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule index 419cb05..21abd3a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule @@ -40,3 +40,5 @@ references: stigid@rhel7: "030900" {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule index cfd3553..25c2ec2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule @@ -40,3 +40,5 @@ references: stigid@rhel7: "030910" {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule index 217a3cb..390a4e5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule @@ -40,3 +40,5 @@ references: stigid@rhel7: "030920" {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule index f6a5e3e..370fbab 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule @@ -38,3 +38,5 @@ references: stigid@rhel7: "030830" {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule index 4ce4f24..d86680d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule @@ -36,3 +36,5 @@ references: stigid@rhel7: "030821" {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule index 8b73da7..01de6c8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule @@ -37,3 +37,5 @@ references: stigid@rhel7: "030820" {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule index 3c4e05f..9610d30 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule @@ -41,3 +41,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/usr/sbin/insmod"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule index 8ce37aa..bd266b8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule @@ -41,3 +41,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/usr/sbin/modprobe"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule index 7ab7824..b913129 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule @@ -41,3 +41,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/usr/sbin/rmmod"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule index a2bd65f..11d187d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule @@ -53,3 +53,5 @@ warnings:
  • audit_rules_login_events_faillock
  • audit_rules_login_events_lastlog
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule index 78f9d91..b730fdd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule @@ -43,3 +43,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/var/log/faillock"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule index 6c1919d..83c5cb7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule @@ -43,3 +43,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/var/log/lastlog"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule index b0eed40..9a9770a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule @@ -43,3 +43,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/var/log/tallylog"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule index a1408e9..3815429 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule @@ -81,3 +81,5 @@ warnings:
  • audit_rules_privileged_commands_umount
  • audit_rules_privileged_commands_passwd
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule index c2d56b1..9d6c828 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep chage /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule index 4c81432..ac5c38a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep chsh /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule index 5baa248..03bcb6c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep crontab /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule index cb856fa..5c8c407 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep gpasswd /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule index 32f0182..b8f8e5c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep newgrp /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule index 7219c00..fda2e0c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep pam_timestamp_check /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule index 8466855..cb41772 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep passwd /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule index b648c05..6f3f787 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep postdrop /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule index eadb5f9..d6f4eeb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep postqueue /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule index 600608b..21e0a11 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule @@ -46,3 +46,5 @@ ocil: |- following command: 
    $ sudo grep pt_chown /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule index 07b6ecc..fa7ff2b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep ssh-keysign /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule index 5e7c3fc..d791805 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep su /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule index b9c1c7a..e8b3585 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep sudo /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule index 176de59..8984a84 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep sudoedit /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule index d0fe096..5b636ea 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule @@ -48,3 +48,5 @@ ocil: |- following command: 
    $ sudo grep umount /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule index 61e6cc6..205bf97 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep unix_chkpwd /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule index 83bec28..91f31f3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule @@ -49,3 +49,5 @@ ocil: |- following command: 
    $ sudo grep userhelper /etc/audit/audit.rules /etc/audit/rules.d/*
    It should return a relevant line in the audit rules. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule index 991abcf..2c42c74 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule @@ -37,3 +37,5 @@ references: hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.310(a)(2)(iv),164.312(d),164.310(d)(2)(iii),164.312(b),164.312(e) nist: AC-6,AU-1(b),AU-2(a),AU-2(c),AU-2(d),IR-5 pcidss: Req-10.5.2 + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule index 7c4018b..5952dbb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule @@ -47,3 +47,5 @@ ocil: |- If the system is configured to watch for changes to its SELinux configuration, a line should be returned (including perm=wa indicating permissions that are watched). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule index f1d9d6c..28c64ca 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule @@ -50,3 +50,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for all media exportation events, run the following command: 
    $ sudo auditctl -l | grep syscall | grep mount
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule index 3bda57f..55e1893 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule @@ -55,3 +55,5 @@ ocil: |- 
    auditctl -l | egrep '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)'
    If the system is configured to watch for network configuration changes, a line should be returned for each file specified (and perm=wa should be indicated for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule index e63f61a..017a053 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule @@ -41,3 +41,5 @@ references: nist: AC-17(7),AU-1(b),AU-2(a),AU-2(c),AU-2(d),AU-12(a),AU-12(c),IR-5 ospp@rhel7: FAU_GEN.1.1.c pcidss: Req-10.2.3 + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule index 15c33a2..3be1932 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule @@ -47,3 +47,5 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command: 
    $ sudo auditctl -l | grep "watch=/etc/sudoers\|watch=/etc/sudoers.d"
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule index a01adea..d40c9df 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule @@ -46,3 +46,5 @@ ocil: |- 
    $ sudo grep "\-f 2" /etc/audit/audit.rules
    The output should contain: 
    -f 2
    + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule index b8716ef..2838470 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule @@ -68,3 +68,5 @@ warnings:
  • audit_rules_usergroup_modification_gshadow
  • audit_rules_usergroup_modification_passwd
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule index f161b14..143e63b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule @@ -52,3 +52,5 @@ ocil: |-

    If the system is configured to watch for account changes, lines should be returned for each file specified (and with perm=wa for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule index f9ae466..5e14989 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule @@ -52,3 +52,5 @@ ocil: |-

    If the system is configured to watch for account changes, lines should be returned for each file specified (and with perm=wa for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule index 4b02de3..9e7ce3d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule @@ -52,3 +52,5 @@ ocil: |-

    If the system is configured to watch for account changes, lines should be returned for each file specified (and with perm=wa for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule index 2940549..76bce57 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule @@ -52,3 +52,5 @@ ocil: |-

    If the system is configured to watch for account changes, lines should be returned for each file specified (and with perm=wa for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule index 0925d21..74819f5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule @@ -52,3 +52,5 @@ ocil: |-

    If the system is configured to watch for account changes, lines should be returned for each file specified (and with perm=wa for each). + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule index 67ce61f..9dc2ceb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule @@ -51,3 +51,5 @@ references: ocil_clause: 'the system is not configured to audit time changes' {{{ complete_ocil_entry_audit_syscall(syscall="adjtimex") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule index 136c6ef..436f5f0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule @@ -51,3 +51,5 @@ references: ocil_clause: 'the system is not configured to audit time changes' {{{ complete_ocil_entry_audit_syscall(syscall="clock_settime") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule index 4003f25..22ec976 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule @@ -51,3 +51,5 @@ references: ocil_clause: 'the system is not configured to audit time changes' {{{ complete_ocil_entry_audit_syscall(syscall="settimeofday") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule index d55c9a4..0572156 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule @@ -57,3 +57,5 @@ ocil: |- If the system is not configured to audit time changes, this is a finding. If the system is 64-bit only, this is not applicable
    {{{ complete_ocil_entry_audit_syscall(syscall="stime") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule index 70ce059..2fb8f7d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule @@ -50,3 +50,5 @@ ocil: |- command: 
    $ sudo auditctl -l | grep "watch=/etc/localtime"
    If the system is configured to audit this activity, it will return a line. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule index 0151c6e..ea42793 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule @@ -69,3 +69,5 @@ warnings:
  • audit_rules_unsuccessful_file_modification_ftruncate
  • audit_rules_unsuccessful_file_modification_creat
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule index f04df40..a328ff9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule index ba75654..6229398 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule index 6f07e27..13f12fe 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule index c5adccc..ce4193a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule index 4281e37..6f3c38a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule index 97d81f5..f6e0263 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule @@ -54,3 +54,5 @@ warnings: number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient. + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule index c3f6674..14d41d0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule @@ -33,3 +33,5 @@ references: ocil: |- {{{ describe_file_owner(file="/var/log/audit", owner="root") }}} {{{ describe_file_owner(file="/var/log/audit/*", owner="root") }}} + +platform: machine diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule index f9dc5f1..319b1bb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule @@ -35,3 +35,5 @@ ocil: |- Run the following command to check the mode of the system audit logs: 
    $ sudo ls -l /var/log/audit
    Audit logs must be mode 0640 or less permissive. + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule index a2c1e28..94af473 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule @@ -37,3 +37,5 @@ ocil: |- The output should return something similar to where REMOTE_SYSTEM is an IP address or hostname: 
    remote_server = REMOTE_SYSTEM
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule index fafa442..502843d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule @@ -40,3 +40,5 @@ ocil: |- 
    disk_full_action = single
    Acceptable values also include syslog and halt. + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule index 94292ff..07d36df 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule @@ -34,3 +34,5 @@ ocil: |- 
    $ sudo grep -i enable_krb5 /etc/audisp/audisp-remote.conf
    The output should return the following: 
    enable_krb5 = yes
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule index 65cb5c2..7fc5566 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule @@ -40,3 +40,5 @@ ocil: |- 
    network_failure_action = single
    Acceptable values also include syslog and halt. + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule index 75edf6a..c2891ab 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule @@ -40,3 +40,5 @@ ocil: |- To verify the audispd's syslog plugin is active, run the following command: 
    $ sudo grep active /etc/audisp/plugins.d/syslog.conf
    If the plugin is active, the output will show yes. + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule index 692f804..cabdc03 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule @@ -43,3 +43,5 @@ ocil: |- determine if the system is configured to send email to an account when it needs to notify an administrator: 
    action_mail_acct = root
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule index bf07cff..7bad632 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule @@ -48,3 +48,5 @@ ocil: |- determine if the system is configured to either suspend, switch to single user mode, or halt when disk space has run low: 
    admin_space_left_action single
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule index 3a5b3ce..5475a85 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule @@ -37,3 +37,5 @@ ocil: |- 
    flush = DATA
    Acceptable values are DATA, and SYNC. The setting is case-insensitive. + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule index faa46bf..06ec11d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule @@ -40,3 +40,5 @@ ocil: |- determine how much data the system will retain in each audit log file: $ sudo grep max_log_file /etc/audit/auditd.conf 
    max_log_file = 6
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule index a6b6277..609ca46 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule @@ -51,3 +51,5 @@ ocil: |- maximum size: $ sudo grep max_log_file_action /etc/audit/auditd.conf 
    max_log_file_action rotate
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule index bf61ee0..5b1debc 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule @@ -39,3 +39,5 @@ ocil: |- determine how many logs the system is configured to retain after rotation: $ sudo grep num_logs /etc/audit/auditd.conf 
    num_logs = 5
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule index ac6bed0..d86ae02 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule @@ -39,3 +39,5 @@ ocil: |- Inspect /etc/audit/auditd.conf and locate the following line to determine if the system is configured correctly: 
    space_left SIZE_in_MB
    + +platform: machine diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule index eb70dd0..7b4360f 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule @@ -57,3 +57,5 @@ ocil: |- $ sudo grep space_left_action /etc/audit/auditd.conf 
    space_left_action
    Acceptable values are email, suspend, single, and halt. + +platform: machine diff --git a/linux_os/guide/system/auditing/grub2_audit_argument.rule b/linux_os/guide/system/auditing/grub2_audit_argument.rule index 68d4f49..29c451c 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument.rule +++ b/linux_os/guide/system/auditing/grub2_audit_argument.rule @@ -57,3 +57,5 @@ warnings:
  • On UEFI-based machines, issue the following command as root: 
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • + +platform: machine diff --git a/linux_os/guide/system/auditing/service_auditd_enabled.rule b/linux_os/guide/system/auditing/service_auditd_enabled.rule index b2dd85f..ce32390 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled.rule +++ b/linux_os/guide/system/auditing/service_auditd_enabled.rule @@ -41,3 +41,5 @@ references: stigid@rhel7: "030000" ocil: '{{{ ocil_service_enabled(service="auditd") }}}' + +platform: machine diff --git a/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule b/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule index 95c4589..02ee38d 100644 --- a/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule +++ b/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule @@ -27,3 +27,5 @@ ocil: |- 
    $ sudo ls -lL /boot/efi/EFI/redhat/grub.cfg
    If properly configured, the output should indicate the following permissions: -rwx------ + +platform: machine diff --git a/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule b/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule index 306a6c5..02e2515 100644 --- a/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule +++ b/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule @@ -31,3 +31,5 @@ ocil: |- 
    $ sudo ls -lL /boot/grub2/grub.cfg
    If properly configured, the output should indicate the following permissions: -rw------- + +platform: machine diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml index 81807fc..fe35833 100644 --- a/linux_os/guide/system/bootloader-grub2/group.yml +++ b/linux_os/guide/system/bootloader-grub2/group.yml @@ -14,3 +14,5 @@ description: |- parameters and endangering security, protect the boot loader configuration with a password and ensure its configuration file's permissions are set properly. + +platform: machine diff --git a/linux_os/guide/system/logging/group.yml b/linux_os/guide/system/logging/group.yml index f089e86..345043e 100644 --- a/linux_os/guide/system/logging/group.yml +++ b/linux_os/guide/system/logging/group.yml @@ -19,3 +19,5 @@ description: |- This section discusses how to configure rsyslog for best effect, and how to use tools provided with the system to maintain and monitor logs. + +platform: machine diff --git a/linux_os/guide/system/network/network-firewalld/group.yml b/linux_os/guide/system/network/network-firewalld/group.yml index 9512aa9..78bd398 100644 --- a/linux_os/guide/system/network/network-firewalld/group.yml +++ b/linux_os/guide/system/network/network-firewalld/group.yml @@ -20,3 +20,5 @@ description: |- immediately implemented. There is no need to save or apply the changes. No unintended disruption of existing network connections occurs as no part of the firewall has to be reloaded. + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule index b49d841..eed98e2 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule @@ -20,3 +20,5 @@ references: nist: CM-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule index 03e5540..fd66ec6 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule @@ -21,3 +21,5 @@ references: nist: CM-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule index 23cc26a..e643932 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule @@ -29,3 +29,5 @@ references: stigid@rhel7: "040830" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_source_route", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule index a3a7e91..48c7ba3 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule @@ -24,3 +24,5 @@ references: ocil: |- {{{ ocil_sysctl_option_value(sysctl="net.ipv6.conf.all.forwarding", value="0") }}} The ability to forward packets is only appropriate for routers. + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule index 449519d..58305d9 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule @@ -21,3 +21,5 @@ references: nist: CM-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule index 706f8c1..294fe2a 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule @@ -24,3 +24,5 @@ references: nist: CM-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule index b2dc1b8..7942d50 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule @@ -27,3 +27,5 @@ references: nist: AC-4 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_source_route", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule index 9c46fae..9d86019 100644 --- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule +++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule @@ -30,3 +30,5 @@ references: ocil_clause: 'the ipv6 support is disabled on network interfaces' ocil: "If the system uses IPv6, this is not applicable.\n

    \nIf the system is configured to prevent the usage of the\nipv6 on network interfaces, it will contain a line\nof the form:\n
    net.ipv6.conf.all.disable_ipv6 = 1
    \nSuch lines may be inside any file in the /etc/sysctl.d directory. \nThis permits insertion of the IPv6 kernel module (which other parts of \nthe system expect to be present), but otherwise keeps all network interfaces\nfrom using IPv6.\nRun the following command to search for such\nlines in all files in /etc/sysctl.d:\n
    $ grep -r ipv6 /etc/sysctl.d
    " + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule index 7287608..89e9074 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule @@ -26,3 +26,5 @@ references: stigid@rhel7: "040641" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule index 5b66202..30aa26e 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule @@ -26,3 +26,5 @@ references: stigid@rhel7: "040610" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_source_route", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule index 4b08783..44b2eda 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule @@ -28,3 +28,5 @@ references: nist: AC-17(7),CM-7,SC-5(3) {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.log_martians", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule index 296f675..f71cd86 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule @@ -28,3 +28,5 @@ references: nist: AC-4,SC-5,SC-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.rp_filter", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule index f23a5a9..7163301 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule @@ -26,3 +26,5 @@ references: nist: AC-4,CM-7,SC-5 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.secure_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule index f12a39b..c61122b 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule @@ -26,3 +26,5 @@ references: stigid@rhel7: "040640" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule index 8d1ea9e..ca97a79 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule @@ -26,3 +26,5 @@ references: stigid@rhel7: "040620" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_source_route", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule index b52b71f..6fc91a5 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule @@ -24,3 +24,5 @@ references: nist: AC-17(7),CM-7,SC-5(3) {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.log_martians", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule index 536963b..146d1e9 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule @@ -27,3 +27,5 @@ references: nist: AC-4,SC-5,SC-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.rp_filter", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule index 3f5d6ff..ef394a0 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule @@ -26,3 +26,5 @@ references: nist: AC-4,CM-7,SC-5,SC-7 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.secure_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule index 33b55da..9cd2206 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule @@ -32,3 +32,5 @@ references: stigid@rhel7: "040630" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule index 6a19f10..d1b6671 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule @@ -24,3 +24,5 @@ references: nist: CM-7,SC-5 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_ignore_bogus_error_responses", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule index 68dfe68..bce344d 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule @@ -32,3 +32,5 @@ references: srg: SRG-OS-000480-GPOS-00227 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.tcp_syncookies", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule index fcd4e0a..1b75c45 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule @@ -32,3 +32,5 @@ references: stigid@rhel7: "040660" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.send_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule index 76752ad..98a2df7 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule @@ -32,3 +32,5 @@ references: stigid@rhel7: "040650" {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.send_redirects", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule index 068c595..1935645 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule @@ -31,3 +31,5 @@ references: ocil: |- {{{ ocil_sysctl_option_value(sysctl="net.ipv4.ip_forward", value="0") }}} The ability to forward packets is only appropriate for routers. + +platform: machine diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule index 5fa9b2b..7c8f938 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule @@ -32,3 +32,5 @@ references: stigid: "020101" {{{ complete_ocil_entry_module_disable(module="dccp") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule index 07452ee..e739b7c 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule @@ -31,3 +31,5 @@ references: nist: CM-7 {{{ complete_ocil_entry_module_disable(module="sctp") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule index fc3a8cb..2b25185 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule +++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule @@ -31,3 +31,5 @@ references: nist: AC-17(8),AC-18(a),AC-18(d),AC-18(3),CM-7 {{{ complete_ocil_entry_module_disable(module="bluetooth") }}} + +platform: machine diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule index 302b329..4080993 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule @@ -24,3 +24,5 @@ identifiers: references: disa: "85" nist: AC-17(8),AC-18(a),AC-18(d),AC-18(3),CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password.rule b/linux_os/guide/system/permissions/mounting/bios_assign_password.rule index 4d226ba..e0d0137 100644 --- a/linux_os/guide/system/permissions/mounting/bios_assign_password.rule +++ b/linux_os/guide/system/permissions/mounting/bios_assign_password.rule @@ -22,3 +22,5 @@ severity: unknown identifiers: cce@rhel6: 27131-2 cce@rhel7: 27194-0 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule index 6f67dc5..7dcf2b7 100644 --- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule +++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule @@ -22,3 +22,5 @@ identifiers: references: disa: "1250" nist: AC-19(a),AC-19(d),AC-19(e) + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule index 25d6507..bb9c4ba 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.1 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule index 2b6718e..b4bbe6a 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.2 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule index 7bd3047..39cd1f9 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.4 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule index 313e5f9..a22bb32 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.5 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule index fdf7fb0..591acf1 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.3 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule index e9ddc44..6d83e36 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.6 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule index 6eb0d21..11c15e6 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule @@ -22,3 +22,5 @@ references: cis: 1.1.1.7 cui: 3.4.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule index 9a8431a..6db6855 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule @@ -34,3 +34,5 @@ references: stigid@rhel7: "020100" {{{ complete_ocil_entry_module_disable(module="usb-storage") }}} + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule index 154c678..3094251 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule @@ -19,3 +19,5 @@ identifiers: references: cis: 1.1.15 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule index 4b2cde4..9cfa2cd 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule @@ -24,3 +24,5 @@ identifiers: references: cis: 1.1.17 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule index 91e10cb..9becb14 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule @@ -23,3 +23,5 @@ identifiers: references: cis: 1.1.16 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule index 6af13e5..055d5bc 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule @@ -20,3 +20,5 @@ severity: unknown references: cis: 1.1.14 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule index 120f8c5..ee858ee 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule @@ -23,3 +23,5 @@ references: cis: 1.1.3 nist: CM-7,MP-2 stigid@rhel7: "021000" + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule index 1766fce..b7f9c2b 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule @@ -22,3 +22,5 @@ identifiers: references: cis: 1.1.11 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule index f7ebfdb..71569a2 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule @@ -27,3 +27,5 @@ identifiers: references: cis: 1.1.18 nist: AC-19(a),AC-19(d),AC-19(e),CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule index 81724d0..0a8bcaf 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule @@ -30,3 +30,5 @@ ocil: |- 
    $ grep -v noexec /etc/fstab
    The resulting output will show partitions which do not have the noexec flag. Verify all partitions in the output are not removable media. + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule index 9b1a00b..72e2091 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule @@ -29,3 +29,5 @@ references: nist: AC-6,AC-19(a),AC-19(d),AC-19(e),CM-7,MP-2 srg: SRG-OS-000480-GPOS-00227 stigid@rhel7: "021010" + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule index 783756f..8c84d15 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule @@ -19,3 +19,5 @@ identifiers: references: cis: 1.1.3 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule index 2a55a62..28160a9 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule @@ -26,3 +26,5 @@ references: disa@rhel6: '381' cis: 1.1.5 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule index c01746c..44248fa 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule @@ -23,3 +23,5 @@ identifiers: references: cis: 1.1.4 nist: CM-7,MP-2 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule index 3281e0d..5d33657 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule @@ -20,3 +20,5 @@ identifiers: references: cis: 1.1.6 nist: CM-7 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule index 4900ca1..33f6ffe 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule @@ -14,3 +14,5 @@ severity: unknown references: cis: 1.1.8 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule index 2653ab6..c5a1fef 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule @@ -18,3 +18,5 @@ severity: unknown references: cis: 1.1.10 + +platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule index 72d59c4..8ec2761 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule @@ -18,3 +18,5 @@ severity: unknown references: cis: 1.1.9 + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule index 0454e0d..ed99f96 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule +++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule @@ -25,3 +25,5 @@ references: nist: SI-11 {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.suid_dumpable", value="0") }}} + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule index 3d3b169..9632025 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule @@ -38,3 +38,5 @@ ocil: |- 
    $ sysctl kernel.exec-shield
    The output should be: {{{ describe_sysctl_option_value(sysctl="kernel.exec-shield", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule index 6aba5c9..94ef5df 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule @@ -26,3 +26,5 @@ references: stigid: "040201" {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.randomize_va_space", value="2") }}} + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule index 318f6b3..778d455 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule @@ -23,3 +23,5 @@ identifiers: references: cui: 3.1.7 nist: CM-6(b) + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule index 938b0c8..773f66f 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule @@ -39,3 +39,5 @@ warnings: The kernel-PAE package should not be installed on older systems that do not support the XD or NX bit, as 8this may prevent them from booting.8 + +platform: machine diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule index eab021a..1574cc4 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule @@ -21,3 +21,5 @@ references: nist: SI-11 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}} + +platform: machine diff --git a/linux_os/guide/system/selinux/docker_selinux_enabled.rule b/linux_os/guide/system/selinux/docker_selinux_enabled.rule index 400d66c..4cf537b 100644 --- a/linux_os/guide/system/selinux/docker_selinux_enabled.rule +++ b/linux_os/guide/system/selinux/docker_selinux_enabled.rule @@ -23,3 +23,5 @@ severity: high identifiers: cce@rhel7: 80442-7 + +platform: machine diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule b/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule index 179955d..226d4bf 100644 --- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule +++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule @@ -29,3 +29,5 @@ references: cui: 3.1.2,3.1.5,3.7.2 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e) nist: AC-6,AU-9,CM-7 + +platform: machine diff --git a/linux_os/guide/system/selinux/selinux_policytype.rule b/linux_os/guide/system/selinux/selinux_policytype.rule index 08b0fe0..c5048b5 100644 --- a/linux_os/guide/system/selinux/selinux_policytype.rule +++ b/linux_os/guide/system/selinux/selinux_policytype.rule @@ -48,3 +48,5 @@ ocil_clause: 'it does not' ocil: |- Check the file /etc/selinux/config and ensure the following line appears: 
    SELINUXTYPE=
    + +platform: machine diff --git a/linux_os/guide/system/selinux/selinux_state.rule b/linux_os/guide/system/selinux/selinux_state.rule index 2f4f1c5..3612c21 100644 --- a/linux_os/guide/system/selinux/selinux_state.rule +++ b/linux_os/guide/system/selinux/selinux_state.rule @@ -39,3 +39,5 @@ ocil_clause: 'SELINUX is not set to enforcing' ocil: |- Check the file /etc/selinux/config and ensure the following line appears: 
    SELINUX=
    + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule index 1caa1e2..f4c47f6 100644 --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule @@ -67,3 +67,5 @@ ocil: |- " TYPE="crypto_LUKS"

    Pseudo-file systems, such as /proc, /sys, and tmpfs, are not required to use disk encryption and are not a finding. + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule index d3c01f1..77d204a 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule @@ -33,3 +33,5 @@ references: stigid@rhel7: "021310" {{{ complete_ocil_entry_separate_partition(part="/home") }}} + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule index 0c2c3d4..0297192 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule @@ -32,3 +32,5 @@ references: stigid@rhel7: "021340" {{{ complete_ocil_entry_separate_partition(part="/tmp") }}} + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule index 5b57cec..234d08a 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule @@ -34,3 +34,5 @@ references: stigid@rhel7: "021320" {{{ complete_ocil_entry_separate_partition(part="/var") }}} + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule index 451daa6..70ced03 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule @@ -28,3 +28,5 @@ references: nist: AU-9,SC-32 {{{ complete_ocil_entry_separate_partition(part="/var/log") }}} + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule index e3b9238..632b1ff 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule @@ -37,3 +37,5 @@ references: stigid@rhel7: "021330" {{{ complete_ocil_entry_separate_partition(part="/var/log/audit") }}} + +platform: machine diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule index 1beb3ff..ec180e2 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule @@ -20,3 +20,5 @@ references: cis: 1.1.7 {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}} + +platform: machine diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule b/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule index 9bd6a0b..604a8c6 100644 --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule @@ -26,3 +26,5 @@ ocil: |- system-db:local system-db:site system-db:distro + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule index 860a2c9..4bea499 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule @@ -32,3 +32,5 @@ ocil: |- To ensure that users cannot enable disable and restart on the login screen, run the following: 
    $ grep disable-restart-buttons /etc/dconf/db/gdm.d/locks/*
    If properly configured, the output should be /org/gnome/login-screen/disable-restart-buttons + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule index 504c187..450c9b5 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule @@ -28,3 +28,5 @@ ocil: |- To ensure that users cannot enable displaying the user list, run the following: 
    $ grep disable-user-list /etc/dconf/db/gdm.d/locks/*
    If properly configured, the output should be /org/gnome/login-screen/disable-user-list + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule index 176b811..690f330 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule @@ -44,3 +44,5 @@ ocil: |- To ensure that users cannot disable smart card authentication on the login screen, run the following: 
    $ grep enable-smartcard-authentication /etc/dconf/db/gdm.d/locks/*
    If properly configured, the output should be /org/gnome/login-screen/enable-smartcard-authentication + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule index 8297e04..4631a4e 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule @@ -31,3 +31,5 @@ ocil: |- number of failures on the login screen, run the following: 
    $ grep allowed-failures /etc/dconf/db/gdm.d/locks/*
    If properly configured, the output should be /org/gnome/login-screen/allowed-failures + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule index 7170686..62e6d7e 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule @@ -38,3 +38,5 @@ ocil: |- The output should show the following: 
    [daemon]
     AutomaticLoginEnable=false
    + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule index 6390e10..dd13252 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule @@ -38,3 +38,5 @@ ocil: |- The output should show the following: 
    [daemon]
     TimedLoginEnable=false
    + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule index b3cfbcd..75422b0 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule @@ -53,3 +53,5 @@ ocil: |- If properly configured, the output for automount should be /org/gnome/desktop/media-handling/automount If properly configured, the output for automount-open should be /org/gnome/desktop/media-handling/auto-open If properly configured, the output for autorun-never should be /org/gnome/desktop/media-handling/autorun-never + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule index 6b1fd19..bfbfe01 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule @@ -45,3 +45,5 @@ ocil: |- To ensure that users cannot how long until the the screensaver locks, run the following: 
    $ grep disable-all /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/thumbnailers/disable-all + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule index 0478e57..37ed712 100644 --- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule +++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule @@ -40,3 +40,5 @@ ocil: |- 
    $ grep wifi-create /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/nm-applet/disable-wifi-create + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule index 04867c8..e704c6e 100644 --- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule +++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule @@ -42,3 +42,5 @@ ocil: |- 
    $ grep wireless-networks-available /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/nm-applet/suppress-wireless-networks-available + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule index f2603b6..9891ea5 100644 --- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule +++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule @@ -41,3 +41,5 @@ ocil: |- 
    $ grep authentication-methods /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/Vino/authentication-methods + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule index e9a8b35..bda2f5c 100644 --- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule +++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule @@ -45,3 +45,5 @@ ocil: |- 
    $ grep require-encryption /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/Vino/require-encryption + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule index 736bca4..ac5a8cb 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule @@ -43,3 +43,5 @@ ocil: |- To ensure that users cannot disable the screensaver idle inactivity setting, run the following: 
    $ grep idle-activation-enabled /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/screensaver/idle-activation-enabled + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule index fb02c5b..21d6261 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule @@ -50,3 +50,5 @@ ocil: |- To ensure that users cannot change the screensaver inactivity timeout setting, run the following: 
    $ grep idle-delay /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/session/idle-delay + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule index dd8f391..aa55f86 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule @@ -34,3 +34,5 @@ ocil: |- To ensure that users cannot change how long until the the screensaver locks, run the following: 
    $ grep lock-delay /etc/dconf/db/local.d/locks/*
    If properly configured, the output for lock-delay should be /org/gnome/desktop/screensaver/lock-delay + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule index b337b44..ba2f4e9 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule @@ -45,3 +45,5 @@ ocil: |- To ensure that users cannot change how long until the the screensaver locks, run the following: 
    $ grep lock-enabled /etc/dconf/db/local.d/locks/*
    If properly configured, the output for lock-enabled should be /org/gnome/desktop/screensaver/lock-enabled + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule index f75dd46..a7e32c9 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule @@ -44,3 +44,5 @@ ocil: |- To ensure that users cannot set the screensaver background, run the following: 
    $ grep picture-uri /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/screensaver/picture-uri + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule index acf6d64..80fd5e1 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule @@ -40,3 +40,5 @@ ocil: |- To ensure that users cannot enable user name on the lock screen, run the following: 
    $ grep show-full-name-in-top-bar /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/screensaver/show-full-name-in-top-bar + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule index 1459ef1..1d0c897 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule @@ -39,3 +39,5 @@ ocil: |- 
    $ grep 'lock-delay' /etc/dconf/db/local.d/locks/*
    If properly configured, the output should return: /org/gnome/desktop/screensaver/lock-delay + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule index b467e33..895cfc4 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule @@ -39,3 +39,5 @@ ocil: |- 
    $ grep 'idle-delay' /etc/dconf/db/local.d/locks/*
    If properly configured, the output should return: /org/gnome/desktop/session/idle-delay + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule index a6eac82..557d1d5 100644 --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule @@ -35,3 +35,5 @@ ocil: |- 
    $ grep logout /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/settings-daemon/plugins/media-keys/logout + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule index 29287df..e7d1377 100644 --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule @@ -27,3 +27,5 @@ ocil: |- 
    $ grep location /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/system/location/enabled and /org/gnome/clocks/geolocation. + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule index 45732fc..bed548f 100644 --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule @@ -39,3 +39,5 @@ ocil: |- 
    $ grep power /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/settings-daemon/plugins/power/active + +platform: machine diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule index a152d85..0ab59df 100644 --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule @@ -45,3 +45,5 @@ ocil: |- 
    $ grep user-administration /etc/dconf/db/local.d/locks/*
    If properly configured, the output should be /org/gnome/desktop/lockdown/user-administration-disabled + +platform: machine diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule index 95e9e56..8258357 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule @@ -49,3 +49,5 @@ ocil: |- To check on the age of uvscan virus definition files, run the following command: 
    $ sudo cd /opt/NAI/LinuxShield/engine/dat
     $ sudo ls -la avvscan.dat avvnames.dat avvclean.dat
    + +platform: machine diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule index 86b4b02..c46e88e 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule @@ -43,3 +43,5 @@ warnings: detection tools, such as the McAfee Host-based Security System, are available to integrate with existing infrastructure. When these supplemental tools interfere with proper functioning of SELinux, SELinux takes precedence. + +platform: machine diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule index 189e338..0c65b39 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule @@ -36,3 +36,5 @@ warnings: - general: |- Due to McAfee HIPS being 3rd party software, automated remediation is not available for this configuration check. + +platform: machine diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule index a88c025..bc7dfc7 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule @@ -27,3 +27,5 @@ ocil: |- To check on the age of McAfee virus definition files, run the following command: 
    $ sudo cd /opt/NAI/LinuxShield/engine/dat
     $ sudo ls -la avvscan.dat avvnames.dat avvclean.dat
    + +platform: machine diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule index ee96935..f68e59e 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule @@ -24,3 +24,5 @@ references: srg: SRG-OS-000480-GPOS-00227 ocil: '{{{ ocil_service_enabled(service="nails") }}}' + +platform: machine diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule index 4f70107..c1223d6 100644 --- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule +++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule @@ -60,3 +60,5 @@ warnings:

    See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}} for a list of FIPS certified vendors. + +platform: machine diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule index 5573351..1a29bac 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule @@ -56,3 +56,5 @@ ocil: |- 
    05 4 * * * root /usr/sbin/aide --check
    NOTE: The usage of special cron times, such as @daily or @weekly, is acceptable. + +platform: machine