383 lines
24 KiB
Diff
383 lines
24 KiB
Diff
|
commit 3064c4bc94047b1ca4c91db6008ded0694121563
|
||
|
|
Author: Watson Sato <wsato@redhat.com>
|
||
|
|
Date: Mon Feb 28 10:57:59 2022 +0100
|
||
|
|
|
||
|
|
Manual edited patch scap-security-guide-0.1.61-rhel8_stig_audit_rules-PR_8174.patch.
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
|
||
|
|
index 6c3cc55..9208a17 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
|
||
|
|
@@ -55,7 +55,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203
|
||
|
|
stigid@ol7: OL07-00-030420
|
||
|
|
stigid@rhel7: RHEL-07-030420
|
||
|
|
- stigid@rhel8: RHEL-08-030540
|
||
|
|
+ stigid@rhel8: RHEL-08-030490
|
||
|
|
stigid@sle12: SLES-12-020470
|
||
|
|
stigid@sle15: SLES-15-030300
|
||
|
|
stigid@ubuntu2004: UBTU-20-010153
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
|
||
|
|
index 3e51d48..595824c 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
|
||
|
|
@@ -55,7 +55,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203
|
||
|
|
stigid@ol7: OL07-00-030430
|
||
|
|
stigid@rhel7: RHEL-07-030430
|
||
|
|
- stigid@rhel8: RHEL-08-030530
|
||
|
|
+ stigid@rhel8: RHEL-08-030490
|
||
|
|
stigid@sle12: SLES-12-020480
|
||
|
|
stigid@sle15: SLES-12-030310
|
||
|
|
stigid@ubuntu2004: UBTU-20-010154
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
|
||
|
|
index d89875f..470a995 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
|
||
|
|
@@ -58,7 +58,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
|
||
|
|
stigid@ol7: OL07-00-030380
|
||
|
|
stigid@rhel7: RHEL-07-030380
|
||
|
|
- stigid@rhel8: RHEL-08-030520
|
||
|
|
+ stigid@rhel8: RHEL-08-030480
|
||
|
|
stigid@sle12: SLES-12-020430
|
||
|
|
stigid@sle15: SLES-15-030260
|
||
|
|
stigid@ubuntu2004: UBTU-20-010149
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
|
||
|
|
index e6caaeb..4db008f 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
|
||
|
|
@@ -55,7 +55,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
|
||
|
|
stigid@ol7: OL07-00-030400
|
||
|
|
stigid@rhel7: RHEL-07-030400
|
||
|
|
- stigid@rhel8: RHEL-08-030510
|
||
|
|
+ stigid@rhel8: RHEL-08-030480
|
||
|
|
stigid@sle12: SLES-12-020450
|
||
|
|
stigid@sle15: SLES-15-030280
|
||
|
|
stigid@ubuntu2004: UBTU-20-010150
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
|
||
|
|
index b9ad3c7..cd4b200 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
|
||
|
|
@@ -72,7 +72,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033
|
||
|
|
stigid@ol7: OL07-00-030480
|
||
|
|
stigid@rhel7: RHEL-07-030480
|
||
|
|
- stigid@rhel8: RHEL-08-030240
|
||
|
|
+ stigid@rhel8: RHEL-08-030200
|
||
|
|
stigid@sle12: SLES-12-020410
|
||
|
|
stigid@sle15: SLES-15-030210
|
||
|
|
stigid@ubuntu2004: UBTU-20-010147
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
|
||
|
|
index cedf05f..dc6ef7f 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
|
||
|
|
@@ -67,7 +67,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033
|
||
|
|
stigid@ol7: OL07-00-030450
|
||
|
|
stigid@rhel7: RHEL-07-030450
|
||
|
|
- stigid@rhel8: RHEL-08-030230
|
||
|
|
+ stigid@rhel8: RHEL-08-030200
|
||
|
|
stigid@sle12: SLES-12-020380
|
||
|
|
stigid@sle15: SLES-15-030230
|
||
|
|
stigid@ubuntu2004: UBTU-20-010144
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
|
||
|
|
index 190509c..e57e177 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
|
||
|
|
@@ -55,7 +55,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
|
||
|
|
stigid@ol7: OL07-00-030390
|
||
|
|
stigid@rhel7: RHEL-07-030390
|
||
|
|
- stigid@rhel8: RHEL-08-030500
|
||
|
|
+ stigid@rhel8: RHEL-08-030480
|
||
|
|
stigid@sle12: SLES-12-020440
|
||
|
|
stigid@sle15: SLES-15-030270
|
||
|
|
stigid@ubuntu2004: UBTU-20-010151
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
|
||
|
|
index 3662262..52ee93a 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
|
||
|
|
@@ -66,7 +66,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033
|
||
|
|
stigid@ol7: OL07-00-030460
|
||
|
|
stigid@rhel7: RHEL-07-030460
|
||
|
|
- stigid@rhel8: RHEL-08-030220
|
||
|
|
+ stigid@rhel8: RHEL-08-030200
|
||
|
|
stigid@sle15: SLES-15-030240
|
||
|
|
stigid@ubuntu2004: UBTU-20-010143
|
||
|
|
vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
|
||
|
|
index ac9d349..c462eb7 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
|
||
|
|
@@ -71,7 +71,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033
|
||
|
|
stigid@ol7: OL07-00-030470
|
||
|
|
stigid@rhel7: RHEL-07-030470
|
||
|
|
- stigid@rhel8: RHEL-08-030210
|
||
|
|
+ stigid@rhel8: RHEL-08-030200
|
||
|
|
stigid@sle12: SLES-12-020390
|
||
|
|
stigid@sle15: SLES-15-030190
|
||
|
|
stigid@ubuntu2004: UBTU-20-010145
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
|
||
|
|
index b661a1f..23630ec 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
|
||
|
|
@@ -67,7 +67,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203
|
||
|
|
stigid@ol7: OL07-00-030440
|
||
|
|
stigid@rhel7: RHEL-07-030440
|
||
|
|
- stigid@rhel8: RHEL-08-030270
|
||
|
|
+ stigid@rhel8: RHEL-08-030200
|
||
|
|
stigid@sle12: SLES-12-020370
|
||
|
|
stigid@sle15: SLES-15-030220
|
||
|
|
stigid@ubuntu2004: UBTU-20-010142
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
||
|
|
index 37620a3..0f25e93 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
||
|
|
@@ -48,7 +48,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212
|
||
|
|
stigid@ol7: OL07-00-030890
|
||
|
|
stigid@rhel7: RHEL-07-030890
|
||
|
|
- stigid@rhel8: RHEL-08-030362
|
||
|
|
+ stigid@rhel8: RHEL-08-030361
|
||
|
|
stigid@ubuntu2004: UBTU-20-010270
|
||
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
||
|
|
index e6b4004..7c5b3b0 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
||
|
|
@@ -47,7 +47,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212
|
||
|
|
stigid@ol7: OL07-00-030900
|
||
|
|
stigid@rhel7: RHEL-07-030900
|
||
|
|
- stigid@rhel8: RHEL-08-030363
|
||
|
|
+ stigid@rhel8: RHEL-08-030361
|
||
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
||
|
|
|
||
|
|
{{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
||
|
|
index bfe53b7..209c622 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
||
|
|
@@ -48,7 +48,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212
|
||
|
|
stigid@ol7: OL07-00-030910
|
||
|
|
stigid@rhel7: RHEL-07-030910
|
||
|
|
- stigid@rhel8: RHEL-08-030364
|
||
|
|
+ stigid@rhel8: RHEL-08-030361
|
||
|
|
stigid@ubuntu2004: UBTU-20-010267
|
||
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
||
|
|
index bd246f1..56c644e 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
||
|
|
@@ -48,7 +48,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212
|
||
|
|
stigid@ol7: OL07-00-030920
|
||
|
|
stigid@rhel7: RHEL-07-030920
|
||
|
|
- stigid@rhel8: RHEL-08-030365
|
||
|
|
+ stigid@rhel8: RHEL-08-030361
|
||
|
|
stigid@ubuntu2004: UBTU-20-010268
|
||
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
||
|
|
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
||
|
|
index 5c751cb..4516c7c 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
|
||
|
|
@@ -60,7 +60,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205
|
||
|
|
stigid@ol7: OL07-00-030500
|
||
|
|
stigid@rhel7: RHEL-07-030500
|
||
|
|
- stigid@rhel8: RHEL-08-030470
|
||
|
|
+ stigid@rhel8: RHEL-08-030420
|
||
|
|
stigid@sle12: SLES-12-020520
|
||
|
|
stigid@sle15: SLES-15-030160
|
||
|
|
stigid@ubuntu2004: UBTU-20-010158
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
||
|
|
index 76bcea1..4a845c3 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
|
||
|
|
@@ -63,7 +63,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205
|
||
|
|
stigid@ol7: OL07-00-030550
|
||
|
|
stigid@rhel7: RHEL-07-030550
|
||
|
|
- stigid@rhel8: RHEL-08-030460
|
||
|
|
+ stigid@rhel8: RHEL-08-030420
|
||
|
|
stigid@sle12: SLES-12-020510
|
||
|
|
stigid@sle15: SLES-15-030320
|
||
|
|
stigid@ubuntu2004: UBTU-20-010157
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
||
|
|
index 7c6764d..fc6cf35 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
|
||
|
|
@@ -63,7 +63,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205
|
||
|
|
stigid@ol7: OL07-00-030510
|
||
|
|
stigid@rhel7: RHEL-07-030510
|
||
|
|
- stigid@rhel8: RHEL-08-030440
|
||
|
|
+ stigid@rhel8: RHEL-08-030420
|
||
|
|
stigid@sle12: SLES-12-020490
|
||
|
|
stigid@sle15: SLES-15-030150
|
||
|
|
stigid@ubuntu2004: UBTU-20-010155
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
||
|
|
index 9bb5ffe..be08972 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
|
||
|
|
@@ -59,7 +59,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205
|
||
|
|
stigid@ol7: OL07-00-030530
|
||
|
|
stigid@rhel7: RHEL-07-030530
|
||
|
|
- stigid@rhel8: RHEL-08-030450
|
||
|
|
+ stigid@rhel8: RHEL-08-030420
|
||
|
|
stigid@sle12: SLES-12-020540
|
||
|
|
stigid@sle15: SLES-15-030180
|
||
|
|
stigid@ubuntu2004: UBTU-20-010160
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
||
|
|
index c99656c..63aa3f3 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
|
||
|
|
@@ -63,7 +63,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205
|
||
|
|
stigid@ol7: OL07-00-030520
|
||
|
|
stigid@rhel7: RHEL-07-030520
|
||
|
|
- stigid@rhel8: RHEL-08-030430
|
||
|
|
+ stigid@rhel8: RHEL-08-030420
|
||
|
|
stigid@sle12: SLES-12-020530
|
||
|
|
stigid@sle15: SLES-15-030170
|
||
|
|
stigid@ubuntu2004: UBTU-20-010159
|
||
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
|
||
|
|
index aa17002..62cc33d 100644
|
||
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
|
||
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
|
||
|
|
@@ -50,7 +50,7 @@ references:
|
||
|
|
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222
|
||
|
|
stigid@ol7: OL07-00-030821
|
||
|
|
stigid@rhel7: RHEL-07-030821
|
||
|
|
- stigid@rhel8: RHEL-08-030380
|
||
|
|
+ stigid@rhel8: RHEL-08-030360
|
||
|
|
stigid@sle12: SLES-12-020740
|
||
|
|
stigid@sle15: SLES-15-030530
|
||
|
|
stigid@ubuntu2004: UBTU-20-010180
|
||
|
|
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
||
|
|
index a641eee..5829039 100644
|
||
|
|
--- a/products/rhel8/profiles/stig.profile
|
||
|
|
+++ b/products/rhel8/profiles/stig.profile
|
||
|
|
@@ -561,6 +561,8 @@ selections:
|
||
|
|
|
||
|
|
# RHEL-08-020220
|
||
|
|
- accounts_password_pam_pwhistory_remember_system_auth
|
||
|
|
+
|
||
|
|
+ # RHEL-08-020221
|
||
|
|
- accounts_password_pam_pwhistory_remember_password_auth
|
||
|
|
|
||
|
|
# RHEL-08-020230
|
||
|
|
@@ -713,18 +715,11 @@ selections:
|
||
|
|
|
||
|
|
# RHEL-08-030200
|
||
|
|
- audit_rules_dac_modification_lremovexattr
|
||
|
|
-
|
||
|
|
- # RHEL-08-030210
|
||
|
|
- audit_rules_dac_modification_removexattr
|
||
|
|
-
|
||
|
|
- # RHEL-08-030220
|
||
|
|
- audit_rules_dac_modification_lsetxattr
|
||
|
|
-
|
||
|
|
- # RHEL-08-030230
|
||
|
|
- audit_rules_dac_modification_fsetxattr
|
||
|
|
-
|
||
|
|
- # RHEL-08-030240
|
||
|
|
- audit_rules_dac_modification_fremovexattr
|
||
|
|
+ - audit_rules_dac_modification_setxattr
|
||
|
|
|
||
|
|
# RHEL-08-030250
|
||
|
|
- audit_rules_privileged_commands_chage
|
||
|
|
@@ -732,8 +727,6 @@ selections:
|
||
|
|
# RHEL-08-030260
|
||
|
|
- audit_rules_execution_chcon
|
||
|
|
|
||
|
|
- # RHEL-08-030270
|
||
|
|
- - audit_rules_dac_modification_setxattr
|
||
|
|
|
||
|
|
# RHEL-08-030280
|
||
|
|
- audit_rules_privileged_commands_ssh_agent
|
||
|
|
@@ -788,28 +781,18 @@ selections:
|
||
|
|
|
||
|
|
# RHEL-08-030360
|
||
|
|
- audit_rules_kernel_module_loading_init
|
||
|
|
+ - audit_rules_kernel_module_loading_finit
|
||
|
|
|
||
|
|
# RHEL-08-030361
|
||
|
|
- audit_rules_file_deletion_events_rename
|
||
|
|
-
|
||
|
|
- # RHEL-08-030362
|
||
|
|
- audit_rules_file_deletion_events_renameat
|
||
|
|
-
|
||
|
|
- # RHEL-08-030363
|
||
|
|
- audit_rules_file_deletion_events_rmdir
|
||
|
|
-
|
||
|
|
- # RHEL-08-030364
|
||
|
|
- audit_rules_file_deletion_events_unlink
|
||
|
|
-
|
||
|
|
- # RHEL-08-030365
|
||
|
|
- audit_rules_file_deletion_events_unlinkat
|
||
|
|
|
||
|
|
# RHEL-08-030370
|
||
|
|
- audit_rules_privileged_commands_gpasswd
|
||
|
|
|
||
|
|
- # RHEL-08-030380
|
||
|
|
- - audit_rules_kernel_module_loading_finit
|
||
|
|
-
|
||
|
|
# RHEL-08-030390
|
||
|
|
- audit_rules_kernel_module_loading_delete
|
||
|
|
|
||
|
|
@@ -821,41 +804,21 @@ selections:
|
||
|
|
|
||
|
|
# RHEL-08-030420
|
||
|
|
- audit_rules_unsuccessful_file_modification_truncate
|
||
|
|
-
|
||
|
|
- # RHEL-08-030430
|
||
|
|
- audit_rules_unsuccessful_file_modification_openat
|
||
|
|
-
|
||
|
|
- # RHEL-08-030440
|
||
|
|
- audit_rules_unsuccessful_file_modification_open
|
||
|
|
-
|
||
|
|
- # RHEL-08-030450
|
||
|
|
- audit_rules_unsuccessful_file_modification_open_by_handle_at
|
||
|
|
-
|
||
|
|
- # RHEL-08-030460
|
||
|
|
- audit_rules_unsuccessful_file_modification_ftruncate
|
||
|
|
-
|
||
|
|
- # RHEL-08-030470
|
||
|
|
- audit_rules_unsuccessful_file_modification_creat
|
||
|
|
|
||
|
|
# RHEL-08-030480
|
||
|
|
- audit_rules_dac_modification_chown
|
||
|
|
-
|
||
|
|
- # RHEL-08-030490
|
||
|
|
- - audit_rules_dac_modification_chmod
|
||
|
|
-
|
||
|
|
- # RHEL-08-030500
|
||
|
|
- audit_rules_dac_modification_lchown
|
||
|
|
-
|
||
|
|
- # RHEL-08-030510
|
||
|
|
- audit_rules_dac_modification_fchownat
|
||
|
|
-
|
||
|
|
- # RHEL-08-030520
|
||
|
|
- audit_rules_dac_modification_fchown
|
||
|
|
|
||
|
|
- # RHEL-08-030530
|
||
|
|
+ # RHEL-08-030490
|
||
|
|
+ - audit_rules_dac_modification_chmod
|
||
|
|
- audit_rules_dac_modification_fchmodat
|
||
|
|
-
|
||
|
|
- # RHEL-08-030540
|
||
|
|
- audit_rules_dac_modification_fchmod
|
||
|
|
|
||
|
|
# RHEL-08-030550
|