From 8455c8556a6d828b15ebc62cf511e484dd626a36 Mon Sep 17 00:00:00 2001
|
||
|
From: Matthew Burket <mburket@redhat.com>
|
||
|
Date: Fri, 16 Jul 2021 13:16:12 -0500
|
||
|
Subject: [PATCH] Add rules for RHEL-08-030610
|
||
|
|
||
|
Added two rules, one for each of the paths mentioned in the STIG.
|
||
|
---
|
||
|
.../rule.yml | 35 ++++++++++++++++++
|
||
|
.../tests/correct_permissions.pass.sh | 6 ++++
|
||
|
.../tests/incorrect_permissions.fail.sh | 6 ++++
|
||
|
.../rule.yml | 36 +++++++++++++++++++
|
||
|
.../tests/correct_permissions.pass.sh | 6 ++++
|
||
|
.../tests/incorrect_permissions.fail.sh | 6 ++++
|
||
|
products/rhel8/profiles/stig.profile | 2 ++
|
||
|
shared/references/cce-redhat-avail.txt | 2 --
|
||
|
.../data/profile_stability/rhel8/stig.profile | 2 ++
|
||
|
.../profile_stability/rhel8/stig_gui.profile | 2 ++
|
||
|
10 files changed, 101 insertions(+), 2 deletions(-)
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
||
|
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
||
|
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
||
|
new file mode 100644
|
||
|
index 0000000000..1cde3ded5f
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
|
||
|
@@ -0,0 +1,35 @@
|
||
|
+documentation_complete: true
|
||
|
+
|
||
|
+prodtype: fedora,rhel8
|
||
|
+
|
||
|
+title: 'Verify Permissions on /etc/audit/auditd.conf'
|
||
|
+
|
||
|
+description: |-
|
||
|
+ {{{ describe_file_permissions(file="/etc/audit/auditd.conf", perms="0640") }}}
|
||
|
+
|
||
|
+
|
||
|
+rationale: |-
|
||
|
+ Without the capability to restrict the roles and individuals that can select which events
|
||
|
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
|
||
|
+ events. Misconfigured audits may degrade the system's performance by overwhelming
|
||
|
+ the audit log. Misconfigured audits may also make it more difficult to establish,
|
||
|
+ correlate, and investigate the events relating to an incident or identify
|
||
|
+ those responsible for one.
|
||
|
+
|
||
|
+severity: medium
|
||
|
+
|
||
|
+identifiers:
|
||
|
+ cce@rhel8: CCE-85871-2
|
||
|
+
|
||
|
+references:
|
||
|
+ disa: CCI-000171
|
||
|
+ nist: AU-12(b)
|
||
|
+ srg: SRG-OS-000063-GPOS-00032
|
||
|
+ stigid@rhel8: RHEL-08-030610
|
||
|
+
|
||
|
+template:
|
||
|
+ name: file_permissions
|
||
|
+ vars:
|
||
|
+ filepath: /etc/audit/auditd.conf
|
||
|
+ allow_stricter_permissions: "true"
|
||
|
+ filemode: '0640'
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
||
|
new file mode 100644
|
||
|
index 0000000000..8c9b782920
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
|
||
|
@@ -0,0 +1,6 @@
|
||
|
+#!/bin/bash
|
||
|
+
|
||
|
+export TESTFILE=/etc/audit/auditd.conf
|
||
|
+mkdir -p /etc/audit/
|
||
|
+touch $TESTFILE
|
||
|
+chmod 0640 $TESTFILE
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
||
|
new file mode 100644
|
||
|
index 0000000000..a460e0dddd
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
|
||
|
@@ -0,0 +1,6 @@
|
||
|
+#!/bin/bash
|
||
|
+
|
||
|
+export TESTFILLE=/etc/audit/auditd.conf
|
||
|
+mkdir -p /etc/audit/
|
||
|
+touch $TESTFILLE
|
||
|
+chmod 0644 $TESTFILLE
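Review bot: The variable is spelled `TESTFILLE` on all three lines of this script; it is consistent so the script still works, but it does not match the `TESTFILE` used in the sibling pass scripts and reads as a typo. Rename it to `TESTFILE` here and in the rules.d fail script (`tests/incorrect_permissions.fail.sh` under `file_permissions_etc_audit_rulesd`), which has the same spelling. The three lines become `export TESTFILE=/etc/audit/auditd.conf`, `touch $TESTFILE`, `chmod 0644 $TESTFILE`.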
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
||
|
new file mode 100644
|
||
|
index 0000000000..34e1f30367
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
|
||
|
@@ -0,0 +1,36 @@
|
||
|
+documentation_complete: true
|
||
|
+
|
||
|
+prodtype: fedora,rhel8
|
||
|
+
|
||
|
+title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
|
||
|
+
|
||
|
+description: |-
|
||
|
+ {{{ describe_file_permissions(file="/etc/audit/rules.d/*.rules", perms="0640") }}}
|
||
|
+
|
||
|
+
|
||
|
+rationale: |-
|
||
|
+ Without the capability to restrict the roles and individuals that can select which events
|
||
|
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
|
||
|
+ events. Misconfigured audits may degrade the system's performance by overwhelming
|
||
|
+ the audit log. Misconfigured audits may also make it more difficult to establish,
|
||
|
+ correlate, and investigate the events relating to an incident or identify
|
||
|
+ those responsible for one.
|
||
|
+
|
||
|
+severity: medium
|
||
|
+
|
||
|
+identifiers:
|
||
|
+ cce@rhel8: CCE-85875-3
|
||
|
+
|
||
|
+references:
|
||
|
+ disa: CCI-000171
|
||
|
+ nist: AU-12(b)
|
||
|
+ srg: SRG-OS-000063-GPOS-00032
|
||
|
+ stigid@rhel8: RHEL-08-030610
|
||
|
+
|
||
|
+template:
|
||
|
+ name: file_permissions
|
||
|
+ vars:
|
||
|
+ filepath: /etc/audit/rules.d/
|
||
|
+ file_regex: ^.*rules$
|
||
|
+ allow_stricter_permissions: "true"
|
||
|
+ filemode: '0640'
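Review bot: `file_regex: ^.*rules$` matches any file name that merely ends in the letters `rules` (for example `rules` or `my_rules`), not only `*.rules` as the title, description and the STIG text state. The dot should be escaped so only the `.rules` extension is selected: `file_regex: ^.*\.rules$`. It is also worth confirming how the `file_permissions` template behaves when the directory contains no matching file, since the rule is selected in the STIG profile for every system and a fresh install may not ship a `.rules` file there.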
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
||
|
new file mode 100644
|
||
|
index 0000000000..b0a20248c3
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
|
||
|
@@ -0,0 +1,6 @@
|
||
|
+#!/bin/bash
|
||
|
+
|
||
|
+export TESTFILE=/etc/audit/rules.d/test_rule.rules
|
||
|
+mkdir -p /etc/audit/rules.d/
|
||
|
+touch $TESTFILE
|
||
|
+chmod 0640 $TESTFILE
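Review bot: This pass scenario only creates and fixes `test_rule.rules`, but the rule checks every file in `/etc/audit/rules.d/` matching the regex, so any pre-existing file there with looser permissions would make the pass test fail for reasons unrelated to the script. Presumably the test image can already contain such files (the audit package installs its own rules file into that directory); to make the scenario self-contained, fix all matching files rather than just the new one, for example `chmod 0640 /etc/audit/rules.d/*.rules` after the `touch`. The same consideration does not apply to the auditd.conf pass test, which targets a single path.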
|
||
|
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
||
|
new file mode 100644
|
||
|
index 0000000000..c7fd3a95e9
|
||
|
--- /dev/null
|
||
|
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
|
||
|
@@ -0,0 +1,6 @@
|
||
|
+#!/bin/bash
|
||
|
+
|
||
|
+export TESTFILLE=/etc/audit/rules.d/test_rule.rules
|
||
|
+mkdir -p /etc/audit/rules.d/
|
||
|
+touch $TESTFILLE
|
||
|
+chmod 0644 $TESTFILLE
|
||
|
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
||
|
index 26d0aa9922..5a0a520ee0 100644
|
||
|
--- a/products/rhel8/profiles/stig.profile
|
||
|
+++ b/products/rhel8/profiles/stig.profile
|
||
|
@@ -801,6 +801,8 @@ selections:
|
||
|
- configure_usbguard_auditbackend
|
||
|
|
||
|
# RHEL-08-030610
|
||
|
+ - file_permissions_etc_audit_auditd
|
||
|
+ - file_permissions_etc_audit_rulesd
|
||
|
|
||
|
# RHEL-08-030620
|
||
|
|
||
|
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
||
|
index ae3375fd4d..24e8149168 100644
|
||
|
--- a/shared/references/cce-redhat-avail.txt
|
||
|
+++ b/shared/references/cce-redhat-avail.txt
|
||
|
@@ -11,11 +11,9 @@ CCE-85867-0
|
||
|
CCE-85868-8
|
||
|
CCE-85869-6
|
||
|
CCE-85870-4
|
||
|
-CCE-85871-2
|
||
|
CCE-85872-0
|
||
|
CCE-85873-8
|
||
|
CCE-85874-6
|
||
|
-CCE-85875-3
|
||
|
CCE-85876-1
|
||
|
CCE-85877-9
|
||
|
CCE-85878-7
|
||
|
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
|
||
|
index a1de1f5561..4be3cf93c2 100644
|
||
|
--- a/tests/data/profile_stability/rhel8/stig.profile
|
||
|
+++ b/tests/data/profile_stability/rhel8/stig.profile
|
||
|
@@ -123,6 +123,8 @@ selections:
|
||
|
- file_ownership_var_log_audit
|
||
|
- file_permission_user_init_files
|
||
|
- file_permissions_binary_dirs
|
||
|
+- file_permissions_etc_audit_auditd
|
||
|
+- file_permissions_etc_audit_rulesd
|
||
|
- file_permissions_home_directories
|
||
|
- file_permissions_library_dirs
|
||
|
- file_permissions_sshd_private_key
|
||
|
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
|
||
|
index b7d2be3af3..20b8a54861 100644
|
||
|
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
|
||
|
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
|
||
|
@@ -134,6 +134,8 @@ selections:
|
||
|
- file_ownership_var_log_audit
|
||
|
- file_permission_user_init_files
|
||
|
- file_permissions_binary_dirs
|
||
|
+- file_permissions_etc_audit_auditd
|
||
|
+- file_permissions_etc_audit_rulesd
|
||
|
- file_permissions_home_directories
|
||
|
- file_permissions_library_dirs
|
||
|
- file_permissions_sshd_private_key
|