2022-04-26 13:52:49 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
index 8a28af022a7..02c69bddd27 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle
+# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = high
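Review bot: The remediation header is widened to `multi_platform_all`, but the scenario scripts in the same commit only extend their platform line to `multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel` (hunks ending at L216, L268, L320 and L372), so every other product that now receives this Ansible fix gets no test coverage for it. Either narrow this line to the products that were actually validated, or set the scenarios to `multi_platform_all` as well so the rule, its remediation and its tests agree. The tasks themselves are outside the hunk, so whether they cope with products that lack one of the listed library directories cannot be judged here.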
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index a7182849548..db89a5e47a1 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -31,6 +31,8 @@ rationale: |-
of initiating changes, including upgrades and modifications.
identifiers:
+ cce@rhel8: CCE-88692-9
+ cce@rhel9: CCE-88693-7
cce@sle12: CCE-83234-5
cce@sle15: CCE-85753-2
@@ -40,6 +42,8 @@ references:
disa: CCI-001499
nerc-cip: CIP-003-8 R6
nist: CM-5,CM-5(6),CM-5(6).1
+ srg: SRG-OS-000259-GPOS-00100
+ stigid@rhel8: RHEL-08-010331
stigid@sle12: SLES-12-010872
stigid@sle15: SLES-15-010352
stigid@ubuntu2004: UBTU-20-010427
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
index af078463b05..6e957c302ac 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
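Review bot: On RHEL, which this platform line now includes, `/lib` and `/lib64` are normally symlinks into `/usr`, and `find "$dirPath"` without a trailing slash does not descend through a symlink given as its starting point, so the first two iterations are no-ops there; the scenario still yields a passing state only because `/usr/lib` and `/usr/lib64` are listed as well. Making that explicit avoids a false sense of coverage: `find "$dirPath/" -perm /022 -type d -exec chmod go-w '{}' +` follows the link and also batches the `chmod` calls. The loop's `done` lies outside the hunk.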
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
index d58616bcafb..55ff9cebd4f 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
chmod -R 755 "$dirPath"
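Review bot: `chmod -R 755 "$dirPath"` rewrites the mode of every file under the library trees, not only the directories this scenario is about: it clears any setuid/setgid bits and marks plain data files executable, which alters far more of the test image than a directory-permission check needs and makes the scenario's name ("owner only writable dir") inaccurate. Restricting the change to directories keeps it focused: `find "$dirPath" -type d -exec chmod 755 '{}' +`. The loop's `done` lies outside the hunk.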
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
index 98d18cde3ea..c2b5b6bf029 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
DIRS="/lib /lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
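Review bot: On RHEL, now added to the platform list, `/lib` and `/lib64` usually resolve into `/usr/lib` and `/usr/lib64`, so `mkdir -p "$dirPath/testme"` here creates the very directories the `_on_usr_lib` scenario creates (hunk ending at L372); both scenarios still fail as intended, but on that platform the `_on_lib` name no longer describes a distinct condition. A one-line comment, `# on UsrMove systems /lib* are symlinks into /usr, so this mirrors the usr_lib scenario`, would save the next reader from re-deriving it. The loop's `done` lies outside the hunk.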
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
index 6df6e2f8f9b..40e6c42c829 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
DIRS="/usr/lib /usr/lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
index decba0087e8..920a55659fd 100644
--- a/products/rhel8/profiles/cjis.profile
+++ b/products/rhel8/profiles/cjis.profile
@@ -77,6 +77,7 @@ selections:
- accounts_password_pam_difok
- accounts_max_concurrent_login_sessions
- set_password_hashing_algorithm_systemauth
+ - set_password_hashing_algorithm_passwordauth
- set_password_hashing_algorithm_logindefs
- set_password_hashing_algorithm_libuserconf
- file_owner_etc_shadow
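Review bot: Selecting `set_password_hashing_algorithm_passwordauth` in the CJIS profile has nothing to do with the library-directory rule the rest of this commit introduces, so it belongs in its own commit with its own rationale; a later bisect or changelog entry would otherwise attribute the password-hashing change to the wrong work. If a profile-stability fixture exists for the rhel8 cjis profile it will need this selection too, since only the stig fixtures are updated here (hunks ending at L751 and L855).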
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 04f158116ee..5d98b1c894e 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -228,6 +228,9 @@ selections:
# RHEL-08-010330
- file_permissions_library_dirs
+ # RHEL-08-010331
+ - dir_permissions_library_dirs
+
# RHEL-08-010340
- file_ownership_library_dirs
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
index 8f79b22e3e4..2614504e9cd 100644
--- a/products/rhel9/profiles/stig.profile
+++ b/products/rhel9/profiles/stig.profile
@@ -229,6 +229,9 @@ selections:
# RHEL-08-010330
- file_permissions_library_dirs
+ # RHEL-08-010331
+ - dir_permissions_library_dirs
+
# RHEL-08-010340
- file_ownership_library_dirs
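Review bot: The profile-stability fixtures touched by this commit cover only rhel8 (`tests/data/profile_stability/rhel8/stig.profile` and `stig_gui.profile`); if a corresponding rhel9 fixture exists, adding `dir_permissions_library_dirs` to this profile without updating it will make the stability test fail, so that should be checked before merge. The `# RHEL-08-010331` heading follows the convention already used in this file (`# RHEL-08-010330` two lines above), so that part is consistent.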
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 3f6ec5e17c4..4a926bce5de 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -2645,8 +2645,6 @@ CCE-88688-7
CCE-88689-5
CCE-88690-3
CCE-88691-1
-CCE-88692-9
-CCE-88693-7
CCE-88694-5
CCE-88695-2
CCE-88696-0
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index ed739e724f4..4df5c4a2e21 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -25,6 +25,7 @@ extends: null
metadata:
version: V1R4
SMEs:
+ - mab879
- ggbecker
reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
selections:
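Review bot: The `- mab879` SME entry added to this fixture (and to `stig_gui.profile`, hunk ending at L814) has no matching `metadata` change in `products/rhel8/profiles/stig.profile` anywhere in this diff; if, as the directory name suggests, the stability test compares the rendered profile against this file, then either the source profile already lists mab879 and the fixture was stale, or this hunk will fail the test. Worth confirming before merge, and if it is a stale-fixture repair, saying so in the commit message so it is not mistaken for part of the library-directory change.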
@@ -180,6 +181,7 @@ selections:
- dconf_gnome_screensaver_idle_delay
- dconf_gnome_screensaver_lock_enabled
- dir_group_ownership_library_dirs
+- dir_permissions_library_dirs
- dir_perms_world_writable_root_owned
- dir_perms_world_writable_sticky_bits
- directory_group_ownership_var_log_audit
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index 56c3fcb9f59..98746158aed 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -36,6 +36,7 @@ extends: null
metadata:
version: V1R4
SMEs:
+ - mab879
- ggbecker
reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
selections:
@@ -191,6 +192,7 @@ selections:
- dconf_gnome_screensaver_idle_delay
- dconf_gnome_screensaver_lock_enabled
- dir_group_ownership_library_dirs
+- dir_permissions_library_dirs
- dir_perms_world_writable_root_owned
- dir_perms_world_writable_sticky_bits
- directory_group_ownership_var_log_audit