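--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -58,7 +58,7 @@ references:
 stigid@ol7: OL07-00-030410
 stigid@ol8: OL08-00-030540
 stigid@rhel7: RHEL-07-030420
- stigid@rhel8: RHEL-08-030540
+ stigid@rhel8: RHEL-08-030490
 stigid@sle12: SLES-12-020470
 stigid@sle15: SLES-15-030300
 stigid@ubuntu2004: UBTU-20-010153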
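Review bot: `stigid@rhel8` here becomes `RHEL-08-030490`, the same value the fchmodat section assigns, so the rhel8 STIG ID no longer identifies a single rule. The later rule.yml sections repeat this: `RHEL-08-030480` for fchown, fchownat and lchown, `RHEL-08-030200` for the xattr rules, `RHEL-08-030361` for the deletion rules, `RHEL-08-030420` for the unsuccessful-modification rules, and `RHEL-08-030360` for finit. Anything that keys scan results, waivers or tailoring by stigid has to accept several rules per ID; the build presumably does, but that is worth confirming before merge. The `stigid@ol8` context line keeps its per-syscall value (`OL08-00-030540`), and this diff does not show whether the OL8 STIG was consolidated in the same way, so that reference may need the same update.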
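--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -58,7 +58,7 @@ references:
 stigid@ol7: OL07-00-030410
 stigid@ol8: OL08-00-030530
 stigid@rhel7: RHEL-07-030430
- stigid@rhel8: RHEL-08-030530
+ stigid@rhel8: RHEL-08-030490
 stigid@sle12: SLES-12-020480
 stigid@sle15: SLES-15-030310
 stigid@ubuntu2004: UBTU-20-010154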
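--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -61,7 +61,7 @@ references:
 stigid@ol7: OL07-00-030370
 stigid@ol8: OL08-00-030520
 stigid@rhel7: RHEL-07-030380
- stigid@rhel8: RHEL-08-030520
+ stigid@rhel8: RHEL-08-030480
 stigid@sle12: SLES-12-020430
 stigid@sle15: SLES-15-030260
 stigid@ubuntu2004: UBTU-20-010149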
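--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -58,7 +58,7 @@ references:
 stigid@ol7: OL07-00-030370
 stigid@ol8: OL08-00-030510
 stigid@rhel7: RHEL-07-030400
- stigid@rhel8: RHEL-08-030510
+ stigid@rhel8: RHEL-08-030480
 stigid@sle12: SLES-12-020450
 stigid@sle15: SLES-15-030280
 stigid@ubuntu2004: UBTU-20-010150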
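--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -75,7 +75,7 @@ references:
 stigid@ol7: OL07-00-030440
 stigid@ol8: OL08-00-030240
 stigid@rhel7: RHEL-07-030480
- stigid@rhel8: RHEL-08-030240
+ stigid@rhel8: RHEL-08-030200
 stigid@sle12: SLES-12-020410
 stigid@sle15: SLES-15-030210
 stigid@ubuntu2004: UBTU-20-010147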
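--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -70,7 +70,7 @@ references:
 stigid@ol7: OL07-00-030440
 stigid@ol8: OL08-00-030230
 stigid@rhel7: RHEL-07-030450
- stigid@rhel8: RHEL-08-030230
+ stigid@rhel8: RHEL-08-030200
 stigid@sle12: SLES-12-020380
 stigid@sle15: SLES-15-030230
 stigid@ubuntu2004: UBTU-20-010144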
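--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -58,7 +58,7 @@ references:
 stigid@ol7: OL07-00-030370
 stigid@ol8: OL08-00-030500
 stigid@rhel7: RHEL-07-030390
- stigid@rhel8: RHEL-08-030500
+ stigid@rhel8: RHEL-08-030480
 stigid@sle12: SLES-12-020440
 stigid@sle15: SLES-15-030270
 stigid@ubuntu2004: UBTU-20-010151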
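--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -69,7 +69,7 @@ references:
 stigid@ol7: OL07-00-030440
 stigid@ol8: OL08-00-030220
 stigid@rhel7: RHEL-07-030460
- stigid@rhel8: RHEL-08-030220
+ stigid@rhel8: RHEL-08-030200
 stigid@sle15: SLES-15-030240
 stigid@ubuntu2004: UBTU-20-010143
 vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940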
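--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -74,7 +74,7 @@ references:
 stigid@ol7: OL07-00-030440
 stigid@ol8: OL08-00-030210
 stigid@rhel7: RHEL-07-030470
- stigid@rhel8: RHEL-08-030210
+ stigid@rhel8: RHEL-08-030200
 stigid@sle12: SLES-12-020390
 stigid@sle15: SLES-15-030190
 stigid@ubuntu2004: UBTU-20-010145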
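--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -70,7 +70,7 @@ references:
 stigid@ol7: OL07-00-030440
 stigid@ol8: OL08-00-030270
 stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030270
+ stigid@rhel8: RHEL-08-030200
 stigid@sle12: SLES-12-020370
 stigid@sle15: SLES-15-030220
 stigid@ubuntu2004: UBTU-20-010142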
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
index 718dcb8a9d9..120d6fa84d3 100644
|
2022-04-26 13:52:49 +00:00
|
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
|
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -52,7 +52,7 @@ references:
|
|
|
|
stigid@ol7: OL07-00-030910
|
|
|
|
stigid@ol8: OL08-00-030362
|
2022-04-26 13:52:49 +00:00
|
|
|
stigid@rhel7: RHEL-07-030890
|
|
|
|
- stigid@rhel8: RHEL-08-030362
|
|
|
|
+ stigid@rhel8: RHEL-08-030361
|
|
|
|
stigid@ubuntu2004: UBTU-20-010270
|
|
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
|
|
|
|
|
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
index 643f075f46a..4caa7c66986 100644
|
2022-04-26 13:52:49 +00:00
|
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
|
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -49,7 +49,7 @@ references:
|
|
|
|
stigid@ol7: OL07-00-030910
|
|
|
|
stigid@ol8: OL08-00-030363
|
2022-04-26 13:52:49 +00:00
|
|
|
stigid@rhel7: RHEL-07-030900
|
|
|
|
- stigid@rhel8: RHEL-08-030363
|
|
|
|
+ stigid@rhel8: RHEL-08-030361
|
|
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
|
|
|
|
|
|
|
{{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
|
|
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
index 9cf3c4668bc..8fea9dc4582 100644
|
2022-04-26 13:52:49 +00:00
|
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
|
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -52,7 +52,7 @@ references:
|
2022-04-26 13:52:49 +00:00
|
|
|
stigid@ol7: OL07-00-030910
|
2022-05-10 07:07:44 +00:00
|
|
|
stigid@ol8: OL08-00-030364
|
2022-04-26 13:52:49 +00:00
|
|
|
stigid@rhel7: RHEL-07-030910
|
|
|
|
- stigid@rhel8: RHEL-08-030364
|
|
|
|
+ stigid@rhel8: RHEL-08-030361
|
|
|
|
stigid@ubuntu2004: UBTU-20-010267
|
|
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
|
|
|
|
|
|
|
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
index d0ebbdbd723..bee18e99b52 100644
|
2022-04-26 13:52:49 +00:00
|
|
|
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
|
|
|
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -52,7 +52,7 @@ references:
|
|
|
|
stigid@ol7: OL07-00-030910
|
|
|
|
stigid@ol8: OL08-00-030365
|
2022-04-26 13:52:49 +00:00
|
|
|
stigid@rhel7: RHEL-07-030920
|
|
|
|
- stigid@rhel8: RHEL-08-030365
|
|
|
|
+ stigid@rhel8: RHEL-08-030361
|
|
|
|
stigid@ubuntu2004: UBTU-20-010268
|
|
|
|
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
|
|
|
|
|
|
|
|
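--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -63,7 +63,7 @@ references:
 stigid@ol7: OL07-00-030510
 stigid@ol8: OL08-00-030470
 stigid@rhel7: RHEL-07-030500
- stigid@rhel8: RHEL-08-030470
+ stigid@rhel8: RHEL-08-030420
 stigid@sle12: SLES-12-020520
 stigid@sle15: SLES-15-030160
 stigid@ubuntu2004: UBTU-20-010158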
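--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -66,7 +66,7 @@ references:
 stigid@ol7: OL07-00-030510
 stigid@ol8: OL08-00-030460
 stigid@rhel7: RHEL-07-030550
- stigid@rhel8: RHEL-08-030460
+ stigid@rhel8: RHEL-08-030420
 stigid@sle12: SLES-12-020510
 stigid@sle15: SLES-15-030320
 stigid@ubuntu2004: UBTU-20-010157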
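--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -66,7 +66,7 @@ references:
 stigid@ol7: OL07-00-030510
 stigid@ol8: OL08-00-030440
 stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030440
+ stigid@rhel8: RHEL-08-030420
 stigid@sle12: SLES-12-020490
 stigid@sle15: SLES-15-030150
 stigid@ubuntu2004: UBTU-20-010155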
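--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -60,7 +60,7 @@ references:
 stigid@ol7: OL07-00-030510
 stigid@ol8: OL08-00-030450
 stigid@rhel7: RHEL-07-030530
- stigid@rhel8: RHEL-08-030450
+ stigid@rhel8: RHEL-08-030420
 stigid@sle12: SLES-12-020540
 stigid@sle15: SLES-15-030180
 stigid@ubuntu2004: UBTU-20-010160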
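--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -66,7 +66,7 @@ references:
 stigid@ol7: OL07-00-030510
 stigid@ol8: OL08-00-030430
 stigid@rhel7: RHEL-07-030520
- stigid@rhel8: RHEL-08-030430
+ stigid@rhel8: RHEL-08-030420
 stigid@sle12: SLES-12-020530
 stigid@sle15: SLES-15-030170
 stigid@ubuntu2004: UBTU-20-010159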
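--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -51,7 +51,7 @@ references:
 stigid@ol7: OL07-00-030820
 stigid@ol8: OL08-00-030380
 stigid@rhel7: RHEL-07-030821
- stigid@rhel8: RHEL-08-030380
+ stigid@rhel8: RHEL-08-030360
 stigid@sle12: SLES-12-020740
 stigid@sle15: SLES-15-030530
 stigid@ubuntu2004: UBTU-20-010180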
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
2022-05-10 07:07:44 +00:00
|
|
|
index ffca983d0bd..d92bc72971c 100644
|
2022-04-26 13:52:49 +00:00
|
|
|
--- a/products/rhel8/profiles/stig.profile
|
|
|
|
+++ b/products/rhel8/profiles/stig.profile
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -560,6 +560,8 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-020220
|
|
|
|
- accounts_password_pam_pwhistory_remember_system_auth
|
|
|
|
+
|
|
|
|
+ # RHEL-08-020221
|
|
|
|
- accounts_password_pam_pwhistory_remember_password_auth
|
|
|
|
|
|
|
|
# RHEL-08-020230
|
|
|
|
@@ -712,18 +714,11 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-030200
|
|
|
|
- audit_rules_dac_modification_lremovexattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030210
|
|
|
|
- audit_rules_dac_modification_removexattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030220
|
|
|
|
- audit_rules_dac_modification_lsetxattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030230
|
|
|
|
- audit_rules_dac_modification_fsetxattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030240
|
|
|
|
- audit_rules_dac_modification_fremovexattr
|
|
|
|
+ - audit_rules_dac_modification_setxattr
|
|
|
|
|
|
|
|
# RHEL-08-030250
|
|
|
|
- audit_rules_privileged_commands_chage
|
|
|
|
@@ -731,8 +726,6 @@ selections:
|
|
|
|
# RHEL-08-030260
|
|
|
|
- audit_rules_execution_chcon
|
|
|
|
|
|
|
|
- # RHEL-08-030270
|
|
|
|
- - audit_rules_dac_modification_setxattr
|
|
|
|
|
|
|
|
# RHEL-08-030280
|
|
|
|
- audit_rules_privileged_commands_ssh_agent
|
|
|
|
@@ -787,28 +780,18 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-030360
|
|
|
|
- audit_rules_kernel_module_loading_init
|
|
|
|
+ - audit_rules_kernel_module_loading_finit
|
|
|
|
|
|
|
|
# RHEL-08-030361
|
|
|
|
- audit_rules_file_deletion_events_rename
|
|
|
|
-
|
|
|
|
- # RHEL-08-030362
|
|
|
|
- audit_rules_file_deletion_events_renameat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030363
|
|
|
|
- audit_rules_file_deletion_events_rmdir
|
|
|
|
-
|
|
|
|
- # RHEL-08-030364
|
|
|
|
- audit_rules_file_deletion_events_unlink
|
|
|
|
-
|
|
|
|
- # RHEL-08-030365
|
|
|
|
- audit_rules_file_deletion_events_unlinkat
|
|
|
|
|
|
|
|
# RHEL-08-030370
|
|
|
|
- audit_rules_privileged_commands_gpasswd
|
|
|
|
|
|
|
|
- # RHEL-08-030380
|
|
|
|
- - audit_rules_kernel_module_loading_finit
|
|
|
|
-
|
|
|
|
# RHEL-08-030390
|
|
|
|
- audit_rules_kernel_module_loading_delete
|
|
|
|
|
|
|
|
@@ -820,41 +803,21 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-030420
|
|
|
|
- audit_rules_unsuccessful_file_modification_truncate
|
|
|
|
-
|
|
|
|
- # RHEL-08-030430
|
|
|
|
- audit_rules_unsuccessful_file_modification_openat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030440
|
|
|
|
- audit_rules_unsuccessful_file_modification_open
|
|
|
|
-
|
|
|
|
- # RHEL-08-030450
|
|
|
|
- audit_rules_unsuccessful_file_modification_open_by_handle_at
|
|
|
|
-
|
|
|
|
- # RHEL-08-030460
|
|
|
|
- audit_rules_unsuccessful_file_modification_ftruncate
|
|
|
|
-
|
|
|
|
- # RHEL-08-030470
|
|
|
|
- audit_rules_unsuccessful_file_modification_creat
|
|
|
|
|
|
|
|
# RHEL-08-030480
|
|
|
|
- audit_rules_dac_modification_chown
|
|
|
|
-
|
|
|
|
- # RHEL-08-030490
|
|
|
|
- - audit_rules_dac_modification_chmod
|
|
|
|
-
|
|
|
|
- # RHEL-08-030500
|
|
|
|
- audit_rules_dac_modification_lchown
|
|
|
|
-
|
|
|
|
- # RHEL-08-030510
|
|
|
|
- audit_rules_dac_modification_fchownat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030520
|
|
|
|
- audit_rules_dac_modification_fchown
|
|
|
|
|
|
|
|
- # RHEL-08-030530
|
|
|
|
+ # RHEL-08-030490
|
|
|
|
+ - audit_rules_dac_modification_chmod
|
|
|
|
- audit_rules_dac_modification_fchmodat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030540
|
|
|
|
- audit_rules_dac_modification_fchmod
|
|
|
|
|
|
|
|
# RHEL-08-030550
|
|
|
|
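Review bot: The `selections:` headings now group several audit rules under one STIG ID, but nothing in the file says each group has to stay complete. After this change `# RHEL-08-030200` covers six xattr rules, `# RHEL-08-030361` five deletion rules, `# RHEL-08-030420` six unsuccessful-modification rules, `# RHEL-08-030480` four chown rules, `# RHEL-08-030490` three chmod rules and `# RHEL-08-030360` two module-loading rules. Someone tailoring the profile who drops a single rule from a group leaves that syscall unaudited while the ID still looks covered. I would extend each heading, for example `# RHEL-08-030200 (setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, lremovexattr: keep all selected)`, and do the same for the other merged IDs. The rhel9 `stig.profile` section that follows makes the same regrouping and would benefit from the same comments.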
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
|
|
|
|
index eb2cac913bd..42c6d0e9aca 100644
|
|
|
|
--- a/products/rhel9/profiles/stig.profile
|
|
|
|
+++ b/products/rhel9/profiles/stig.profile
|
2022-04-26 13:52:49 +00:00
|
|
|
@@ -561,6 +561,8 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-020220
|
|
|
|
- accounts_password_pam_pwhistory_remember_system_auth
|
|
|
|
+
|
|
|
|
+ # RHEL-08-020221
|
|
|
|
- accounts_password_pam_pwhistory_remember_password_auth
|
|
|
|
|
|
|
|
# RHEL-08-020230
|
|
|
|
@@ -713,18 +715,11 @@ selections:
|
|
|
|
|
|
|
|
# RHEL-08-030200
|
|
|
|
- audit_rules_dac_modification_lremovexattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030210
|
|
|
|
- audit_rules_dac_modification_removexattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030220
|
|
|
|
- audit_rules_dac_modification_lsetxattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030230
|
|
|
|
- audit_rules_dac_modification_fsetxattr
|
|
|
|
-
|
|
|
|
- # RHEL-08-030240
|
|
|
|
- audit_rules_dac_modification_fremovexattr
|
|
|
|
+ - audit_rules_dac_modification_setxattr
|
|
|
|
|
|
|
|
# RHEL-08-030250
|
|
|
|
- audit_rules_privileged_commands_chage
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -732,9 +727,6 @@ selections:
|
2022-04-26 13:52:49 +00:00
|
|
|
# RHEL-08-030260
|
|
|
|
- audit_rules_execution_chcon
|
|
|
|
|
|
|
|
- # RHEL-08-030270
|
|
|
|
- - audit_rules_dac_modification_setxattr
|
2022-05-10 07:07:44 +00:00
|
|
|
-
|
2022-04-26 13:52:49 +00:00
|
|
|
# RHEL-08-030280
|
|
|
|
- audit_rules_privileged_commands_ssh_agent
|
2022-05-10 07:07:44 +00:00
|
|
|
|
|
|
|
@@ -788,28 +780,18 @@ selections:
|
2022-04-26 13:52:49 +00:00
|
|
|
|
|
|
|
# RHEL-08-030360
|
|
|
|
- audit_rules_kernel_module_loading_init
|
|
|
|
+ - audit_rules_kernel_module_loading_finit
|
|
|
|
|
|
|
|
# RHEL-08-030361
|
|
|
|
- audit_rules_file_deletion_events_rename
|
|
|
|
-
|
|
|
|
- # RHEL-08-030362
|
|
|
|
- audit_rules_file_deletion_events_renameat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030363
|
|
|
|
- audit_rules_file_deletion_events_rmdir
|
|
|
|
-
|
|
|
|
- # RHEL-08-030364
|
|
|
|
- audit_rules_file_deletion_events_unlink
|
|
|
|
-
|
|
|
|
- # RHEL-08-030365
|
|
|
|
- audit_rules_file_deletion_events_unlinkat
|
|
|
|
|
|
|
|
# RHEL-08-030370
|
|
|
|
- audit_rules_privileged_commands_gpasswd
|
|
|
|
|
|
|
|
- # RHEL-08-030380
|
|
|
|
- - audit_rules_kernel_module_loading_finit
|
|
|
|
-
|
|
|
|
# RHEL-08-030390
|
|
|
|
- audit_rules_kernel_module_loading_delete
|
|
|
|
|
2022-05-10 07:07:44 +00:00
|
|
|
@@ -821,41 +803,21 @@ selections:
|
2022-04-26 13:52:49 +00:00
|
|
|
|
|
|
|
# RHEL-08-030420
|
|
|
|
- audit_rules_unsuccessful_file_modification_truncate
|
|
|
|
-
|
|
|
|
- # RHEL-08-030430
|
|
|
|
- audit_rules_unsuccessful_file_modification_openat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030440
|
|
|
|
- audit_rules_unsuccessful_file_modification_open
|
|
|
|
-
|
|
|
|
- # RHEL-08-030450
|
|
|
|
- audit_rules_unsuccessful_file_modification_open_by_handle_at
|
|
|
|
-
|
|
|
|
- # RHEL-08-030460
|
|
|
|
- audit_rules_unsuccessful_file_modification_ftruncate
|
|
|
|
-
|
|
|
|
- # RHEL-08-030470
|
|
|
|
- audit_rules_unsuccessful_file_modification_creat
|
|
|
|
|
|
|
|
# RHEL-08-030480
|
|
|
|
- audit_rules_dac_modification_chown
|
|
|
|
-
|
|
|
|
- # RHEL-08-030490
|
|
|
|
- - audit_rules_dac_modification_chmod
|
|
|
|
-
|
|
|
|
- # RHEL-08-030500
|
|
|
|
- audit_rules_dac_modification_lchown
|
|
|
|
-
|
|
|
|
- # RHEL-08-030510
|
|
|
|
- audit_rules_dac_modification_fchownat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030520
|
|
|
|
- audit_rules_dac_modification_fchown
|
|
|
|
|
|
|
|
- # RHEL-08-030530
|
|
|
|
+ # RHEL-08-030490
|
|
|
|
+ - audit_rules_dac_modification_chmod
|
|
|
|
- audit_rules_dac_modification_fchmodat
|
|
|
|
-
|
|
|
|
- # RHEL-08-030540
|
|
|
|
- audit_rules_dac_modification_fchmod
|
|
|
|
|
|
|
|
# RHEL-08-030550
|