scap-security-guide/SOURCES/scap-security-guide-0.1.58-fix_STIG_references-PR_7371.patch

115 lines
7.0 KiB
Diff
Raw Normal View History

From 859684c560e948a439029b0d180fe23659d85141 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 10 Aug 2021 12:04:16 +0200
Subject: [PATCH] Remove inexistent and/or duplicated STIG references.
---
.../package_xorg-x11-server-common_removed/rule.yml | 1 -
.../accounts_password_pam_unix_remember/rule.yml | 1 -
.../audit_rules_sysadmin_actions/rule.yml | 1 -
.../file_ownership_var_log_audit/rule.yml | 1 -
.../auditd_data_retention_space_left_action/rule.yml | 2 +-
.../harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml | 1 -
.../rule.yml | 2 +-
.../crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml | 1 -
8 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
index de8f0f6fd8..6e739d21a2 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
@@ -42,7 +42,6 @@ references:
nist-csf: PR.AC-3,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
stigid@rhel7: RHEL-07-040730
- stigid@rhel8: RHEL-08-040320
ocil_clause: 'the X Windows package group or xorg-x11-server-common has not be removed'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
index 9138681688..a2b66fc4d6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
@@ -50,7 +50,6 @@ references:
srg: SRG-OS-000077-GPOS-00045
stigid@ol7: OL07-00-010270
stigid@rhel7: RHEL-07-010270
- stigid@rhel8: RHEL-08-020220
stigid@sle15: SLES-15-020250
stigid@ubuntu2004: UBTU-20-010070
vmmsrg: SRG-OS-000077-VMM-000440
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index 12bca676d8..b4291e168c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -50,7 +50,6 @@ references:
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221
stigid@ol7: OL07-00-030700
stigid@rhel7: RHEL-07-030700
- stigid@rhel8: RHEL-08-030172
stigid@sle15: SLES-15-030140
vmmsrg: SRG-OS-000462-VMM-001840,SRG-OS-000471-VMM-001910
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
index 956beef52b..96bc0fa0b8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol7: OL07-00-910055
stigid@rhel7: RHEL-07-910055
- stigid@rhel8: RHEL-08-030080
ocil: |-
{{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 6e30f1c4ac..7569a6776b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -53,7 +53,7 @@ references:
srg: SRG-OS-000343-GPOS-00134
stigid@ol7: OL07-00-030340
stigid@rhel7: RHEL-07-030340
- stigid@rhel8: RHEL-08-030730
+ stigid@rhel8: RHEL-08-030731
stigid@ubuntu2004: UBTU-20-010217
vmmsrg: SRG-OS-000343-VMM-001240
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
index 0aa310d924..682ca436b8 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
@@ -30,7 +30,6 @@ references:
disa: CCI-001453
nist: AC-17(2)
srg: SRG-OS-000250-GPOS-00093
- stigid@rhel8: RHEL-08-010291
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
index b56f2421f2..e904bc848c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
@@ -30,7 +30,7 @@ references:
disa: CCI-001453
nist: AC-17(2)
srg: SRG-OS-000250-GPOS-00093
- stigid@rhel8: RHEL-08-010290
+ stigid@rhel8: RHEL-08-010291
ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
index 1aeb987db2..d21f68ac17 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
@@ -28,7 +28,6 @@ references:
disa: CCI-001453
nist: AC-17(2)
srg: SRG-OS-000250-GPOS-00093
- stigid@rhel8: RHEL-08-010290
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'