115 lines
7.0 KiB
Diff
115 lines
7.0 KiB
Diff
|
From 859684c560e948a439029b0d180fe23659d85141 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Gabriel Becker <ggasparb@redhat.com>
|
||
|
|
Date: Tue, 10 Aug 2021 12:04:16 +0200
|
||
|
|
Subject: [PATCH] Remove inexistent and/or duplicated STIG references.
|
||
|
|
|
||
|
|
---
|
||
|
|
.../package_xorg-x11-server-common_removed/rule.yml | 1 -
|
||
|
|
.../accounts_password_pam_unix_remember/rule.yml | 1 -
|
||
|
|
.../audit_rules_sysadmin_actions/rule.yml | 1 -
|
||
|
|
.../file_ownership_var_log_audit/rule.yml | 1 -
|
||
|
|
.../auditd_data_retention_space_left_action/rule.yml | 2 +-
|
||
|
|
.../harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml | 1 -
|
||
|
|
.../rule.yml | 2 +-
|
||
|
|
.../crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml | 1 -
|
||
|
|
8 files changed, 2 insertions(+), 8 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
|
||
|
|
index de8f0f6fd8..6e739d21a2 100644
|
||
|
|
--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
|
||
|
|
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
|
||
|
|
@@ -42,7 +42,6 @@ references:
|
||
|
|
nist-csf: PR.AC-3,PR.PT-4
|
||
|
|
srg: SRG-OS-000480-GPOS-00227
|
||
|
|
stigid@rhel7: RHEL-07-040730
|
||
|
|
- stigid@rhel8: RHEL-08-040320
|
||
|
|
|
||
|
|
ocil_clause: 'the X Windows package group or xorg-x11-server-common has not be removed'
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
|
||
|
|
index 9138681688..a2b66fc4d6 100644
|
||
|
|
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
|
||
|
|
@@ -50,7 +50,6 @@ references:
|
||
|
|
srg: SRG-OS-000077-GPOS-00045
|
||
|
|
stigid@ol7: OL07-00-010270
|
||
|
|
stigid@rhel7: RHEL-07-010270
|
||
|
|
- stigid@rhel8: RHEL-08-020220
|
||
|
|
stigid@sle15: SLES-15-020250
|
||
|
|
stigid@ubuntu2004: UBTU-20-010070
|
||
|
|
vmmsrg: SRG-OS-000077-VMM-000440
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
|
||
|
|
index 12bca676d8..b4291e168c 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
|
||
|
|
@@ -50,7 +50,6 @@ references:
|
||
|
|
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221
|
||
|
|
stigid@ol7: OL07-00-030700
|
||
|
|
stigid@rhel7: RHEL-07-030700
|
||
|
|
- stigid@rhel8: RHEL-08-030172
|
||
|
|
stigid@sle15: SLES-15-030140
|
||
|
|
vmmsrg: SRG-OS-000462-VMM-001840,SRG-OS-000471-VMM-001910
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
||
|
|
index 956beef52b..96bc0fa0b8 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
|
||
|
|
@@ -35,7 +35,6 @@ references:
|
||
|
|
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
|
||
|
|
stigid@ol7: OL07-00-910055
|
||
|
|
stigid@rhel7: RHEL-07-910055
|
||
|
|
- stigid@rhel8: RHEL-08-030080
|
||
|
|
|
||
|
|
ocil: |-
|
||
|
|
{{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
|
||
|
|
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
||
|
|
index 6e30f1c4ac..7569a6776b 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
|
||
|
|
@@ -53,7 +53,7 @@ references:
|
||
|
|
srg: SRG-OS-000343-GPOS-00134
|
||
|
|
stigid@ol7: OL07-00-030340
|
||
|
|
stigid@rhel7: RHEL-07-030340
|
||
|
|
- stigid@rhel8: RHEL-08-030730
|
||
|
|
+ stigid@rhel8: RHEL-08-030731
|
||
|
|
stigid@ubuntu2004: UBTU-20-010217
|
||
|
|
vmmsrg: SRG-OS-000343-VMM-001240
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
||
|
|
index 0aa310d924..682ca436b8 100644
|
||
|
|
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
||
|
|
@@ -30,7 +30,6 @@ references:
|
||
|
|
disa: CCI-001453
|
||
|
|
nist: AC-17(2)
|
||
|
|
srg: SRG-OS-000250-GPOS-00093
|
||
|
|
- stigid@rhel8: RHEL-08-010291
|
||
|
|
|
||
|
|
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
|
||
|
|
index b56f2421f2..e904bc848c 100644
|
||
|
|
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
|
||
|
|
@@ -30,7 +30,7 @@ references:
|
||
|
|
disa: CCI-001453
|
||
|
|
nist: AC-17(2)
|
||
|
|
srg: SRG-OS-000250-GPOS-00093
|
||
|
|
- stigid@rhel8: RHEL-08-010290
|
||
|
|
+ stigid@rhel8: RHEL-08-010291
|
||
|
|
|
||
|
|
ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
||
|
|
index 1aeb987db2..d21f68ac17 100644
|
||
|
|
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
||
|
|
@@ -28,7 +28,6 @@ references:
|
||
|
|
disa: CCI-001453
|
||
|
|
nist: AC-17(2)
|
||
|
|
srg: SRG-OS-000250-GPOS-00093
|
||
|
|
- stigid@rhel8: RHEL-08-010290
|
||
|
|
|
||
|
|
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
|
||
|
|
|