138 lines
6.4 KiB
Diff
138 lines
6.4 KiB
Diff
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
|
|
index 7da2e067a6..5d01170aab 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
|
|
@@ -33,6 +33,7 @@ references:
|
|
cis@sle12: 5.2.4
|
|
cis@sle15: 5.2.6
|
|
stigid@rhel7: RHEL-07-040710
|
|
+ stigid@ol7: OL07-00-040710
|
|
srg: SRG-OS-000480-GPOS-00227
|
|
disa: CCI-000366
|
|
nist: CM-6(b)
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
|
|
index 87c3cb7f5a..5683676bfc 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/rule.yml
|
|
@@ -23,7 +23,6 @@ identifiers:
|
|
cce@sle12: CCE-83017-4
|
|
|
|
references:
|
|
- stigid@ol7: OL07-00-040710
|
|
cui: 3.1.13
|
|
disa: CCI-000366
|
|
nist: CM-6(a),AC-17(a),AC-17(2)
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
|
|
index 50c7d689af..42cb32e30e 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
|
|
@@ -1,6 +1,6 @@
|
|
documentation_complete: true
|
|
|
|
-prodtype: ol7,rhel7,rhel8,wrlinux1019,wrlinux8
|
|
+prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8
|
|
|
|
title: 'Use Only FIPS 140-2 Validated Ciphers'
|
|
|
|
@@ -51,7 +51,6 @@ identifiers:
|
|
cce@rhel8: CCE-81032-5
|
|
|
|
references:
|
|
- stigid@ol7: OL07-00-040110
|
|
cis: 5.2.10
|
|
cjis: 5.5.6
|
|
cui: 3.1.13,3.13.11,3.13.8
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
|
|
index 0751064179..73de17af35 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
|
|
@@ -1,6 +1,6 @@
|
|
documentation_complete: true
|
|
|
|
-prodtype: rhel7
|
|
+prodtype: ol7,rhel7
|
|
|
|
title: 'Use Only FIPS 140-2 Validated Ciphers'
|
|
|
|
@@ -32,6 +32,7 @@ references:
|
|
disa: CCI-000068,CCI-000366,CCI-000803,CCI-000877,CCI-002890,CCI-003123
|
|
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
|
|
stigid@rhel7: RHEL-07-040110
|
|
+ stigid@ol7: OL07-00-040110
|
|
|
|
ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
|
|
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
|
|
index c490756daf..13997f9418 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
|
|
@@ -1,6 +1,6 @@
|
|
documentation_complete: true
|
|
|
|
-prodtype: ol7,rhel7,rhel8,sle12,wrlinux1019
|
|
+prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019
|
|
|
|
title: 'Use Only FIPS 140-2 Validated MACs'
|
|
|
|
@@ -46,7 +46,6 @@ identifiers:
|
|
cce@sle12: CCE-83036-4
|
|
|
|
references:
|
|
- stigid@ol7: OL07-00-040400
|
|
cis: 5.2.12
|
|
cui: 3.1.13,3.13.11,3.13.8
|
|
disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
|
|
index 88d2d77e14..bd597f0860 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
|
|
@@ -1,6 +1,6 @@
|
|
documentation_complete: true
|
|
|
|
-prodtype: rhel7
|
|
+prodtype: ol7,rhel7
|
|
|
|
title: 'Use Only FIPS 140-2 Validated MACs'
|
|
|
|
@@ -25,6 +25,7 @@ references:
|
|
disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123
|
|
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
|
|
stigid@rhel7: RHEL-07-040400
|
|
+ stigid@ol7: OL07-00-040400
|
|
|
|
ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
|
|
|
|
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
|
|
index 7267d2443a..b0fe065d86 100644
|
|
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
|
|
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
|
|
@@ -26,6 +26,7 @@ identifiers:
|
|
references:
|
|
srg: SRG-OS-000480-GPOS-00227
|
|
stig@rhel7: RHEL-07-040711
|
|
+ stig@ol7: OL07-00-040711
|
|
disa: CCI-000366
|
|
nist: CM-6(b)
|
|
|
|
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
|
|
index 820a942220..dfcbbafd17 100644
|
|
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
|
|
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
|
|
@@ -36,4 +36,4 @@ ocil_clause: 'the group ownership is incorrect'
|
|
ocil: |-
|
|
To verify the assigned home directory of all interactive users is group-
|
|
owned by that users primary GID, run the following command:
|
|
- <pre>$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)</pre>
|
|
+ <pre># ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)</pre>
|
|
diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
|
|
index 7d5778d4f6..37cb36cda3 100644
|
|
--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
|
|
+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
|
|
@@ -30,4 +30,4 @@ ocil_clause: 'the user ownership is incorrect'
|
|
|
|
ocil: |-
|
|
To verify the home directory ownership, run the following command:
|
|
- <pre>$ sudo ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)</pre>
|
|
+ <pre># ls -ld $(awk -F: '($3>=1000)&&($7 !~ /nologin/){print $6}' /etc/passwd)</pre>
|
|
|