From f1889f8d92324bea16a6f41726ec0bbca52ef0f2 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 16 Mar 2020 17:34:12 +0100
Subject: [PATCH 1/2] Select rules for audit login events

---
 .../audit_login_events/audit_rules_login_events/rule.yml | 1 -
 .../audit_rules_login_events_faillock/rule.yml | 1 +
 .../audit_rules_login_events_lastlog/rule.yml | 2 +-
 4 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
index 45367cf313..0a9a73caac 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
@@ -34,7 +34,6 @@ identifiers:
 references:
 nist@rhel6: AC-3(10)
 nist-csf@rhel6: PR.AC-4,PR.AC-6,PR.PT-3
- cis: 5.2.8
 cjis: 5.4.1.1
 cui: 3.1.7
 disa: 172,2884
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 4d2af18816..257e99fb48 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -31,6 +31,7 @@ identifiers:
 
 references:
 cis: 5.2.8
+ cis@rhel8: 4.1.4
 cui: 3.1.7
 disa: 172,2884,126
 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 355004ae98..7400d6a0d3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -30,7 +30,7 @@ identifiers:
 cce@ocp4: 82584-4
 
 references:
- cis: 5.2.8
+ cis@rhel8: 4.1.4
 cui: 3.1.7
 disa: 172,2884,126
 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)

From a6d171b6fcea7042b17e07b2e8598c5523d92f28 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Thu, 19 Mar 2020 11:44:51 +0100
Subject: [PATCH 2/2] Add RHEL7 CIS references for login events rules

---
 .../audit_rules_login_events_faillock/rule.yml | 2 +-
 .../audit_rules_login_events_lastlog/rule.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 257e99fb48..eacab5f522 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -30,7 +30,7 @@ identifiers:
 cce@ocp4: 82583-6
 
 references:
- cis: 5.2.8
+ cis@rhel7: 4.1.8
 cis@rhel8: 4.1.4
 cui: 3.1.7
 disa: 172,2884,126
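Review bot: Replacing the unqualified `cis: 5.2.8` key with product-qualified keys, in the lastlog rule in patch 1/2 and in the faillock rule in patch 2/2, drops the CIS reference for every product other than rhel7 and rhel8, assuming an unqualified reference key is applied to all products when the content is built. Nothing visible in the series shows whether another product's guide or CIS profile relied on that key, so this should be confirmed before merge. If one did, it needs its own line next to `cis@rhel7: 4.1.8` and `cis@rhel8: 4.1.4`, written as `cis@<product>: <section>` with the section number taken from that product's benchmark. Patch 1/2 also removes `cis: 5.2.8` from audit_rules_login_events, which by its path appears to be the umbrella rule, without a qualified replacement. A profile that selects that rule rather than the faillock and lastlog rules would then no longer be reported against a CIS section for login-event auditing.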
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 7400d6a0d3..7fce76ab02 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -30,6 +30,7 @@ identifiers:
 cce@ocp4: 82584-4
 
 references:
+ cis@rhel7: 4.1.8
 cis@rhel8: 4.1.4
 cui: 3.1.7
 disa: 172,2884,126