scap-security-guide/SOURCES/scap-security-guide-0.1.58-audit_privileged_rhel_cis-PR_7353.patch

From 01397cbe2a62303ef001ab5e5821ffafd6929e41 Mon Sep 17 00:00:00 2001
From: Alex Haydock <alex@alexhaydock.co.uk>
Date: Fri, 6 Aug 2021 16:46:22 +0100
Subject: [PATCH] Update CCEs and identifiers on rules that make up RHEL 8 CIS
 4.1.15

---
 .../audit_rules_privileged_commands_insmod/rule.yml            | 2 ++
 .../audit_rules_privileged_commands_modprobe/rule.yml          | 2 ++
 .../audit_rules_privileged_commands_rmmod/rule.yml             | 2 ++
 shared/references/cce-redhat-avail.txt                         | 3 ---
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
index 5c3a99447c..a4ecb0d1e0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85851-4
+    cce@rhel8: CCE-85919-9
     cce@sle15: CCE-85744-1
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index 5e03dde851..f70c537064 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -32,10 +32,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85853-0
+    cce@rhel8: CCE-85973-6
     cce@sle15: CCE-85731-8
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
index 1535041672..113c8fc4bc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -28,10 +28,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-85852-2
+    cce@rhel8: CCE-86017-1
     cce@sle15: CCE-85732-6
 
 references:
     cis@rhel7: 4.1.16
+    cis@rhel8: 4.1.15
     cis@ubuntu2004: 4.1.16
     disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
     nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 001262c6ee..aaa631515b 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -49,7 +49,6 @@ CCE-85915-7
 CCE-85916-5
 CCE-85917-3
 CCE-85918-1
-CCE-85919-9
 CCE-85920-7
 CCE-85921-5
 CCE-85922-3
@@ -100,7 +99,6 @@ CCE-85968-6
 CCE-85969-4
 CCE-85970-2
 CCE-85972-8
-CCE-85973-6
 CCE-85974-4
 CCE-85975-1
 CCE-85976-9
@@ -143,7 +141,6 @@ CCE-86013-0
 CCE-86014-8
 CCE-86015-5
 CCE-86016-3
-CCE-86017-1
 CCE-86018-9
 CCE-86019-7
 CCE-86020-5
import scap-security-guide-0.1.57-3.el8 2021-08-24 22:41:12 +00:00			`From 01397cbe2a62303ef001ab5e5821ffafd6929e41 Mon Sep 17 00:00:00 2001`
			`From: Alex Haydock <alex@alexhaydock.co.uk>`
			`Date: Fri, 6 Aug 2021 16:46:22 +0100`
			`Subject: [PATCH] Update CCEs and identifiers on rules that make up RHEL 8 CIS`
			`4.1.15`

			`---`
			`.../audit_rules_privileged_commands_insmod/rule.yml \| 2 ++`
			`.../audit_rules_privileged_commands_modprobe/rule.yml \| 2 ++`
			`.../audit_rules_privileged_commands_rmmod/rule.yml \| 2 ++`
			`shared/references/cce-redhat-avail.txt \| 3 ---`
			`4 files changed, 6 insertions(+), 3 deletions(-)`

			`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml`
			`index 5c3a99447c..a4ecb0d1e0 100644`
			`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml`
			`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml`
			`@@ -28,10 +28,12 @@ severity: medium`

			`identifiers:`
			`cce@rhel7: CCE-85851-4`
			`+ cce@rhel8: CCE-85919-9`
			`cce@sle15: CCE-85744-1`

			`references:`
			`cis@rhel7: 4.1.16`
			`+ cis@rhel8: 4.1.15`
			`cis@ubuntu2004: 4.1.16`
			`disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884`
			`nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)`
			`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml`
			`index 5e03dde851..f70c537064 100644`
			`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml`
			`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml`
			`@@ -32,10 +32,12 @@ severity: medium`

			`identifiers:`
			`cce@rhel7: CCE-85853-0`
			`+ cce@rhel8: CCE-85973-6`
			`cce@sle15: CCE-85731-8`

			`references:`
			`cis@rhel7: 4.1.16`
			`+ cis@rhel8: 4.1.15`
			`cis@ubuntu2004: 4.1.16`
			`disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884`
			`nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)`
			`diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml`
			`index 1535041672..113c8fc4bc 100644`
			`--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml`
			`+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml`
			`@@ -28,10 +28,12 @@ severity: medium`

			`identifiers:`
			`cce@rhel7: CCE-85852-2`
			`+ cce@rhel8: CCE-86017-1`
			`cce@sle15: CCE-85732-6`

			`references:`
			`cis@rhel7: 4.1.16`
			`+ cis@rhel8: 4.1.15`
			`cis@ubuntu2004: 4.1.16`
			`disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884`
			`nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)`
			`diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt`
			`index 001262c6ee..aaa631515b 100644`
			`--- a/shared/references/cce-redhat-avail.txt`
			`+++ b/shared/references/cce-redhat-avail.txt`
			`@@ -49,7 +49,6 @@ CCE-85915-7`
			`CCE-85916-5`
			`CCE-85917-3`
			`CCE-85918-1`
			`-CCE-85919-9`
			`CCE-85920-7`
			`CCE-85921-5`
			`CCE-85922-3`
			`@@ -100,7 +99,6 @@ CCE-85968-6`
			`CCE-85969-4`
			`CCE-85970-2`
			`CCE-85972-8`
			`-CCE-85973-6`
			`CCE-85974-4`
			`CCE-85975-1`
			`CCE-85976-9`
			`@@ -143,7 +141,6 @@ CCE-86013-0`
			`CCE-86014-8`
			`CCE-86015-5`
			`CCE-86016-3`
			`-CCE-86017-1`
			`CCE-86018-9`
			`CCE-86019-7`
			`CCE-86020-5`