scap-security-guide/SOURCES/scap-security-guide-0.1.59-add_missing_stig_ids-PR_7597.patch
2022-04-26 18:09:24 +00:00


From 1b7bd47bd8fa3f828aca0bf0add7fc188893ef11 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Tue, 21 Sep 2021 07:44:29 -0500
Subject: [PATCH 1/2] Add STIG references for FIPS
---
.../integrity/crypto/configure_bind_crypto_policy/rule.yml | 1 +
.../software/integrity/crypto/configure_crypto_policy/rule.yml | 1 +
.../integrity/crypto/configure_kerberos_crypto_policy/rule.yml | 1 +
.../integrity/crypto/configure_libreswan_crypto_policy/rule.yml | 1 +
.../software/integrity/fips/enable_dracut_fips_module/rule.yml | 1 +
5 files changed, 5 insertions(+)
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index 5484e11ad9f..e58c9506083 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -29,6 +29,7 @@ identifiers:
references:
nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
nist: SC-13,SC-12(2),SC-12(3)
+ stigid@rhel8: RHEL-08-010020
srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
ocil_clause: |-
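Review bot: The added `stigid@rhel8` key sits before `srg` in this hunk and in the configure_crypto_policy hunk, but after `srg` in the kerberos, libreswan and dracut hunks of the same patch. The visible neighbours (`nerc-cip`, `nist`, `ospp`, `srg`, `vmmsrg`) appear to be in alphabetical order, which would place `stigid@rhel8` after `srg`. I would move the added line below the `srg:` line in both files, so that `srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190` is followed by `stigid@rhel8: RHEL-08-010020`. In this file the `references:` mapping begins inside the hunk, but in configure_crypto_policy it begins above it, so the order of earlier keys there is not visible.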
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index d4ea4db6c14..5eea87ac006 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -65,6 +65,7 @@ references:
nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
+ stigid@rhel8: RHEL-08-010020
srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index b219c9d2801..e1f5e55e8cd 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -28,6 +28,7 @@ references:
nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
nist: SC-13,SC-12(2),SC-12(3)
srg: SRG-OS-000120-GPOS-00061
+ stigid@rhel8: RHEL-08-010020
ocil_clause: 'the symlink does not exist or points to a different target'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index cd03ecf30d1..1fffb2ad2b7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -33,6 +33,7 @@ references:
nist: CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
ospp: FCS_IPSEC_EXT.1.4,FCS_IPSEC_EXT.1.6
srg: SRG-OS-000033-GPOS-00014
+ stigid@rhel8: RHEL-08-010020
ocil_clause: |-
Libreswan is installed and <tt>/etc/ipsec.conf</tt> does not contain <tt>include /etc/crypto-policies/back-ends/libreswan.config</tt>
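Review bot: `RHEL-08-010020` is attached here and to four other rules in this patch, each with a different `srg` value, and the commit message ("Add STIG references for FIPS") does not say why one STIG item spans all five. This rule's `ocil_clause` only applies when Libreswan is installed, so please confirm that a host without the package does not show `RHEL-08-010020` as failed once results are grouped by STIG ID. A sentence in the commit description naming the STIG check text that justifies each of the five mappings would let an auditor trace the ID back to the rules. The rule file continues outside the hunk, so any platform or applicability setting it may have is not visible here.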
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index 9486031be54..fe20c1958a6 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -30,6 +30,7 @@ references:
nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
srg: SRG-OS-000478-GPOS-00223
+ stigid@rhel8: RHEL-08-010020
vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
ocil_clause: 'the Dracut FIPS module is not enabled'