From b76ea121519e7fb29bfba09cd5c3221a0a984a1b Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Mon, 18 Jul 2022 10:38:20 +0200
Subject: [PATCH] make audit_access_success unenforcing for rhel9 ospp Resolves: rhbz#2058154
---
 ...t_access_success_unenforcing-PR_9082.patch | 27 +++++++++++++++++++
 scap-security-guide.spec | 2 ++
 2 files changed, 29 insertions(+)
 create mode 100644 scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
diff --git a/scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch b/scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
new file mode 100644
index 0000000..f952658
--- /dev/null
+++ b/scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
@@ -0,0 +1,27 @@
+From fd1f968504765db0ba5c32ac50058d7a05242343 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?=
+Date: Fri, 1 Jul 2022 14:35:56 +0200
+Subject: [PATCH] Make rule audit_access_success in OSPP profile unenforcing
+
+Set severity to info and role to unscored, because the rule
+creates an audit rule that creates generating huge amounts
+of audit records generated.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2058154
+---
+ products/rhel9/profiles/ospp.profile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
+index 1fad0031749..8e54ae4281d 100644
+--- a/products/rhel9/profiles/ospp.profile
++++ b/products/rhel9/profiles/ospp.profile
+@@ -372,6 +372,8 @@ selections:
+ - audit_modify_success
+ - audit_access_failed
+ - audit_access_success
++ - audit_access_success.severity=info
++ - audit_access_success.role=unscored
+ - audit_delete_failed
+ - audit_delete_success
+ - audit_perm_change_failed
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index a178f78..6a1bb14 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
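Review bot: In the embedded products/rhel9/profiles/ospp.profile hunk, the two added refinements (`audit_access_success.severity=info` and `audit_access_success.role=unscored`) carry no comment, so the profile itself does not record why this one audit rule stops counting toward the OSPP result. I would add a line above them such as `# unscored: the resulting audit rule generates excessive audit records, see rhbz#2058154`. The rule stays selected, so it is presumably still evaluated and reported; the patch description should say whether remediation content generated from the profile still installs the audit rule, because that decides whether hosts keep recording successful file access for later investigation. The selections list starts and continues outside the hunk.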
@@ -25,6 +25,7 @@ BuildRequires: python%{python3_pkgversion}-PyYAML
 Requires: xml-common, openscap-scanner >= 1.2.5
 Patch0: scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch
+Patch1: scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
 %description
 The scap-security-guide project provides a guide for configuration of the
@@ -102,6 +103,7 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 %changelog
 * Mon Jul 18 2022 Vojtech Polasek - 0.1.62-2
 - Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
+- Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
 * Wed Jun 01 2022 Matej Tyc - 0.1.62-1
 - Rebase to a new upstream release (RHBZ#2070563)
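Review bot: `Patch1` is declared in the first hunk, but nothing visible here applies it: the diffstat shows only two lines added to scap-security-guide.spec, so no `%patch1` line was added to %prep. That is fine if %prep uses `%autosetup` or `%autopatch`; if it lists patches explicitly, the profile change would silently not reach the built content, so this should be confirmed against the %prep section, which is outside the hunk. In the second hunk the new changelog entry spells the rule `audit_access_success_` with a trailing underscore, which will not match a search for the rule id; it should read `- Make rule audit_access_success unenforcing in RHEL9 OSPP (RHBZ#2058154)`.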