scap-security-guide/SOURCES/scap-security-guide-0.1.58-RHEL_08_030610-PR_7256.patch
2021-09-10 04:19:00 +00:00

212 lines
8.5 KiB
Diff

From 8455c8556a6d828b15ebc62cf511e484dd626a36 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 16 Jul 2021 13:16:12 -0500
Subject: [PATCH] Add rules for RHEL-08-030610
Added two rules, one for each of the paths mentioned in the STIG.
---
.../rule.yml | 35 ++++++++++++++++++
.../tests/correct_permissions.pass.sh | 6 ++++
.../tests/incorrect_permissions.fail.sh | 6 ++++
.../rule.yml | 36 +++++++++++++++++++
.../tests/correct_permissions.pass.sh | 6 ++++
.../tests/incorrect_permissions.fail.sh | 6 ++++
products/rhel8/profiles/stig.profile | 2 ++
shared/references/cce-redhat-avail.txt | 2 --
.../data/profile_stability/rhel8/stig.profile | 2 ++
.../profile_stability/rhel8/stig_gui.profile | 2 ++
10 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
new file mode 100644
index 0000000000..1cde3ded5f
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -0,0 +1,35 @@
+documentation_complete: true
+
+prodtype: fedora,rhel8
+
+title: 'Verify Permissions on /etc/audit/auditd.conf'
+
+description: |-
+ {{{ describe_file_permissions(file="/etc/audit/auditd.conf", perms="0640") }}}
+
+
+rationale: |-
+ Without the capability to restrict the roles and individuals that can select which events
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
+ events. Misconfigured audits may degrade the system's performance by overwhelming
+ the audit log. Misconfigured audits may also make it more difficult to establish,
+ correlate, and investigate the events relating to an incident or identify
+ those responsible for one.
+
+severity: medium
+
+identifiers:
+ cce@rhel8: CCE-85871-2
+
+references:
+ disa: CCI-000171
+ nist: AU-12(b)
+ srg: SRG-OS-000063-GPOS-00032
+ stigid@rhel8: RHEL-08-030610
+
+template:
+ name: file_permissions
+ vars:
+ filepath: /etc/audit/auditd.conf
+ allow_stricter_permissions: "true"
+ filemode: '0640'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
new file mode 100644
index 0000000000..8c9b782920
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILE=/etc/audit/auditd.conf
+mkdir -p /etc/audit/
+touch $TESTFILE
+chmod 0640 $TESTFILE
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
new file mode 100644
index 0000000000..a460e0dddd
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILLE=/etc/audit/auditd.conf
+mkdir -p /etc/audit/
+touch $TESTFILLE
+chmod 0644 $TESTFILLE
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
new file mode 100644
index 0000000000..34e1f30367
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -0,0 +1,36 @@
+documentation_complete: true
+
+prodtype: fedora,rhel8
+
+title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
+
+description: |-
+ {{{ describe_file_permissions(file="/etc/audit/rules.d/*.rules", perms="0640") }}}
+
+
+rationale: |-
+ Without the capability to restrict the roles and individuals that can select which events
+ are audited, unauthorized personnel may be able to prevent the auditing of critical
+ events. Misconfigured audits may degrade the system's performance by overwhelming
+ the audit log. Misconfigured audits may also make it more difficult to establish,
+ correlate, and investigate the events relating to an incident or identify
+ those responsible for one.
+
+severity: medium
+
+identifiers:
+ cce@rhel8: CCE-85875-3
+
+references:
+ disa: CCI-000171
+ nist: AU-12(b)
+ srg: SRG-OS-000063-GPOS-00032
+ stigid@rhel8: RHEL-08-030610
+
+template:
+ name: file_permissions
+ vars:
+ filepath: /etc/audit/rules.d/
+ file_regex: ^.*rules$
+ allow_stricter_permissions: "true"
+ filemode: '0640'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
new file mode 100644
index 0000000000..b0a20248c3
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILE=/etc/audit/rules.d/test_rule.rules
+mkdir -p /etc/audit/rules.d/
+touch $TESTFILE
+chmod 0640 $TESTFILE
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
new file mode 100644
index 0000000000..c7fd3a95e9
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILLE=/etc/audit/rules.d/test_rule.rules
+mkdir -p /etc/audit/rules.d/
+touch $TESTFILLE
+chmod 0644 $TESTFILLE
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 26d0aa9922..5a0a520ee0 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -801,6 +801,8 @@ selections:
- configure_usbguard_auditbackend
# RHEL-08-030610
+ - file_permissions_etc_audit_auditd
+ - file_permissions_etc_audit_rulesd
# RHEL-08-030620
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index ae3375fd4d..24e8149168 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -11,11 +11,9 @@ CCE-85867-0
CCE-85868-8
CCE-85869-6
CCE-85870-4
-CCE-85871-2
CCE-85872-0
CCE-85873-8
CCE-85874-6
-CCE-85875-3
CCE-85876-1
CCE-85877-9
CCE-85878-7
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index a1de1f5561..4be3cf93c2 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -123,6 +123,8 @@ selections:
- file_ownership_var_log_audit
- file_permission_user_init_files
- file_permissions_binary_dirs
+- file_permissions_etc_audit_auditd
+- file_permissions_etc_audit_rulesd
- file_permissions_home_directories
- file_permissions_library_dirs
- file_permissions_sshd_private_key
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index b7d2be3af3..20b8a54861 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -134,6 +134,8 @@ selections:
- file_ownership_var_log_audit
- file_permission_user_init_files
- file_permissions_binary_dirs
+- file_permissions_etc_audit_auditd
+- file_permissions_etc_audit_rulesd
- file_permissions_home_directories
- file_permissions_library_dirs
- file_permissions_sshd_private_key