scap-security-guide/scap-security-guide-0.1.61-rhel8_stig_audit_rules-PR_8174.patch
Watson Sato 9887c6a84e Update OSPP Profile
Resolves: rhbz#2016038
Resolves: rhbz#2043036
Resolves: rhbz#2020670
Resolves: rhbz#2046289
2022-02-11 22:37:28 +01:00

494 lines
23 KiB
Diff

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index a0b3efcbf79..1bc7afbb224 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030540
stigid@rhel7: RHEL-07-030420
- stigid@rhel8: RHEL-08-030540
+ stigid@rhel8: RHEL-08-030490
stigid@sle12: SLES-12-020470
stigid@sle15: SLES-15-030300
stigid@ubuntu2004: UBTU-20-010153
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 83dd57f2b6d..dc8211684f2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030530
stigid@rhel7: RHEL-07-030430
- stigid@rhel8: RHEL-08-030530
+ stigid@rhel8: RHEL-08-030490
stigid@sle12: SLES-12-020480
stigid@sle15: SLES-15-030310
stigid@ubuntu2004: UBTU-20-010154
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 1b78aab4a1a..07592bb2fd9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030520
stigid@rhel7: RHEL-07-030380
- stigid@rhel8: RHEL-08-030520
+ stigid@rhel8: RHEL-08-030480
stigid@sle12: SLES-12-020430
stigid@sle15: SLES-15-030260
stigid@ubuntu2004: UBTU-20-010149
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 360c60de06d..084970765b2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030510
stigid@rhel7: RHEL-07-030400
- stigid@rhel8: RHEL-08-030510
+ stigid@rhel8: RHEL-08-030480
stigid@sle12: SLES-12-020450
stigid@sle15: SLES-15-030280
stigid@ubuntu2004: UBTU-20-010150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 19bf8a5b981..5695440ad7d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -75,7 +75,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030240
stigid@rhel7: RHEL-07-030480
- stigid@rhel8: RHEL-08-030240
+ stigid@rhel8: RHEL-08-030200
stigid@sle12: SLES-12-020410
stigid@sle15: SLES-15-030210
stigid@ubuntu2004: UBTU-20-010147
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 40cd114042e..ab536a8ae0a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -70,7 +70,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030230
stigid@rhel7: RHEL-07-030450
- stigid@rhel8: RHEL-08-030230
+ stigid@rhel8: RHEL-08-030200
stigid@sle12: SLES-12-020380
stigid@sle15: SLES-15-030230
stigid@ubuntu2004: UBTU-20-010144
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 81dddd9fb71..d1f4ee35ccb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030500
stigid@rhel7: RHEL-07-030390
- stigid@rhel8: RHEL-08-030500
+ stigid@rhel8: RHEL-08-030480
stigid@sle12: SLES-12-020440
stigid@sle15: SLES-15-030270
stigid@ubuntu2004: UBTU-20-010151
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index fa15012b05f..a2425e373bc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -69,7 +69,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030220
stigid@rhel7: RHEL-07-030460
- stigid@rhel8: RHEL-08-030220
+ stigid@rhel8: RHEL-08-030200
stigid@sle15: SLES-15-030240
stigid@ubuntu2004: UBTU-20-010143
vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index 6d15eecee2c..0be27fbe860 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -74,7 +74,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030210
stigid@rhel7: RHEL-07-030470
- stigid@rhel8: RHEL-08-030210
+ stigid@rhel8: RHEL-08-030200
stigid@sle12: SLES-12-020390
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010145
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 6f7cea26e16..5dc13a0a43a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -70,7 +70,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030270
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030270
+ stigid@rhel8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030220
stigid@ubuntu2004: UBTU-20-010142
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index 718dcb8a9d9..120d6fa84d3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030362
stigid@rhel7: RHEL-07-030890
- stigid@rhel8: RHEL-08-030362
+ stigid@rhel8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010270
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
index 643f075f46a..4caa7c66986 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030363
stigid@rhel7: RHEL-07-030900
- stigid@rhel8: RHEL-08-030363
+ stigid@rhel8: RHEL-08-030361
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
{{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index 9cf3c4668bc..8fea9dc4582 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030364
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030364
+ stigid@rhel8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010267
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index d0ebbdbd723..bee18e99b52 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030365
stigid@rhel7: RHEL-07-030920
- stigid@rhel8: RHEL-08-030365
+ stigid@rhel8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010268
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index 373b12525e1..736c6643b57 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030470
stigid@rhel7: RHEL-07-030500
- stigid@rhel8: RHEL-08-030470
+ stigid@rhel8: RHEL-08-030420
stigid@sle12: SLES-12-020520
stigid@sle15: SLES-15-030160
stigid@ubuntu2004: UBTU-20-010158
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index 2b2d82a736b..6b4176d53e3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030460
stigid@rhel7: RHEL-07-030550
- stigid@rhel8: RHEL-08-030460
+ stigid@rhel8: RHEL-08-030420
stigid@sle12: SLES-12-020510
stigid@sle15: SLES-15-030320
stigid@ubuntu2004: UBTU-20-010157
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index dcb3d0f0525..90d45b6787e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030440
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030440
+ stigid@rhel8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010155
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index e68d892bb90..6df936e489c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030450
stigid@rhel7: RHEL-07-030530
- stigid@rhel8: RHEL-08-030450
+ stigid@rhel8: RHEL-08-030420
stigid@sle12: SLES-12-020540
stigid@sle15: SLES-15-030180
stigid@ubuntu2004: UBTU-20-010160
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index cd6bd545e71..1b6ae818e48 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030430
stigid@rhel7: RHEL-07-030520
- stigid@rhel8: RHEL-08-030430
+ stigid@rhel8: RHEL-08-030420
stigid@sle12: SLES-12-020530
stigid@sle15: SLES-15-030170
stigid@ubuntu2004: UBTU-20-010159
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index 50e5b4e4f02..2f1c6d0bf22 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -51,7 +51,7 @@ references:
stigid@ol7: OL07-00-030820
stigid@ol8: OL08-00-030380
stigid@rhel7: RHEL-07-030821
- stigid@rhel8: RHEL-08-030380
+ stigid@rhel8: RHEL-08-030360
stigid@sle12: SLES-12-020740
stigid@sle15: SLES-15-030530
stigid@ubuntu2004: UBTU-20-010180
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index ffca983d0bd..d92bc72971c 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -560,6 +560,8 @@ selections:
# RHEL-08-020220
- accounts_password_pam_pwhistory_remember_system_auth
+
+ # RHEL-08-020221
- accounts_password_pam_pwhistory_remember_password_auth
# RHEL-08-020230
@@ -712,18 +714,11 @@ selections:
# RHEL-08-030200
- audit_rules_dac_modification_lremovexattr
-
- # RHEL-08-030210
- audit_rules_dac_modification_removexattr
-
- # RHEL-08-030220
- audit_rules_dac_modification_lsetxattr
-
- # RHEL-08-030230
- audit_rules_dac_modification_fsetxattr
-
- # RHEL-08-030240
- audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_setxattr
# RHEL-08-030250
- audit_rules_privileged_commands_chage
@@ -731,8 +726,6 @@ selections:
# RHEL-08-030260
- audit_rules_execution_chcon
- # RHEL-08-030270
- - audit_rules_dac_modification_setxattr
# RHEL-08-030280
- audit_rules_privileged_commands_ssh_agent
@@ -787,28 +780,18 @@ selections:
# RHEL-08-030360
- audit_rules_kernel_module_loading_init
+ - audit_rules_kernel_module_loading_finit
# RHEL-08-030361
- audit_rules_file_deletion_events_rename
-
- # RHEL-08-030362
- audit_rules_file_deletion_events_renameat
-
- # RHEL-08-030363
- audit_rules_file_deletion_events_rmdir
-
- # RHEL-08-030364
- audit_rules_file_deletion_events_unlink
-
- # RHEL-08-030365
- audit_rules_file_deletion_events_unlinkat
# RHEL-08-030370
- audit_rules_privileged_commands_gpasswd
- # RHEL-08-030380
- - audit_rules_kernel_module_loading_finit
-
# RHEL-08-030390
- audit_rules_kernel_module_loading_delete
@@ -820,41 +803,21 @@ selections:
# RHEL-08-030420
- audit_rules_unsuccessful_file_modification_truncate
-
- # RHEL-08-030430
- audit_rules_unsuccessful_file_modification_openat
-
- # RHEL-08-030440
- audit_rules_unsuccessful_file_modification_open
-
- # RHEL-08-030450
- audit_rules_unsuccessful_file_modification_open_by_handle_at
-
- # RHEL-08-030460
- audit_rules_unsuccessful_file_modification_ftruncate
-
- # RHEL-08-030470
- audit_rules_unsuccessful_file_modification_creat
# RHEL-08-030480
- audit_rules_dac_modification_chown
-
- # RHEL-08-030490
- - audit_rules_dac_modification_chmod
-
- # RHEL-08-030500
- audit_rules_dac_modification_lchown
-
- # RHEL-08-030510
- audit_rules_dac_modification_fchownat
-
- # RHEL-08-030520
- audit_rules_dac_modification_fchown
- # RHEL-08-030530
+ # RHEL-08-030490
+ - audit_rules_dac_modification_chmod
- audit_rules_dac_modification_fchmodat
-
- # RHEL-08-030540
- audit_rules_dac_modification_fchmod
# RHEL-08-030550
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
index eb2cac913bd..42c6d0e9aca 100644
--- a/products/rhel9/profiles/stig.profile
+++ b/products/rhel9/profiles/stig.profile
@@ -561,6 +561,8 @@ selections:
# RHEL-08-020220
- accounts_password_pam_pwhistory_remember_system_auth
+
+ # RHEL-08-020221
- accounts_password_pam_pwhistory_remember_password_auth
# RHEL-08-020230
@@ -713,18 +715,11 @@ selections:
# RHEL-08-030200
- audit_rules_dac_modification_lremovexattr
-
- # RHEL-08-030210
- audit_rules_dac_modification_removexattr
-
- # RHEL-08-030220
- audit_rules_dac_modification_lsetxattr
-
- # RHEL-08-030230
- audit_rules_dac_modification_fsetxattr
-
- # RHEL-08-030240
- audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_setxattr
# RHEL-08-030250
- audit_rules_privileged_commands_chage
@@ -732,9 +727,6 @@ selections:
# RHEL-08-030260
- audit_rules_execution_chcon
- # RHEL-08-030270
- - audit_rules_dac_modification_setxattr
-
# RHEL-08-030280
- audit_rules_privileged_commands_ssh_agent
@@ -788,28 +780,18 @@ selections:
# RHEL-08-030360
- audit_rules_kernel_module_loading_init
+ - audit_rules_kernel_module_loading_finit
# RHEL-08-030361
- audit_rules_file_deletion_events_rename
-
- # RHEL-08-030362
- audit_rules_file_deletion_events_renameat
-
- # RHEL-08-030363
- audit_rules_file_deletion_events_rmdir
-
- # RHEL-08-030364
- audit_rules_file_deletion_events_unlink
-
- # RHEL-08-030365
- audit_rules_file_deletion_events_unlinkat
# RHEL-08-030370
- audit_rules_privileged_commands_gpasswd
- # RHEL-08-030380
- - audit_rules_kernel_module_loading_finit
-
# RHEL-08-030390
- audit_rules_kernel_module_loading_delete
@@ -821,41 +803,21 @@ selections:
# RHEL-08-030420
- audit_rules_unsuccessful_file_modification_truncate
-
- # RHEL-08-030430
- audit_rules_unsuccessful_file_modification_openat
-
- # RHEL-08-030440
- audit_rules_unsuccessful_file_modification_open
-
- # RHEL-08-030450
- audit_rules_unsuccessful_file_modification_open_by_handle_at
-
- # RHEL-08-030460
- audit_rules_unsuccessful_file_modification_ftruncate
-
- # RHEL-08-030470
- audit_rules_unsuccessful_file_modification_creat
# RHEL-08-030480
- audit_rules_dac_modification_chown
-
- # RHEL-08-030490
- - audit_rules_dac_modification_chmod
-
- # RHEL-08-030500
- audit_rules_dac_modification_lchown
-
- # RHEL-08-030510
- audit_rules_dac_modification_fchownat
-
- # RHEL-08-030520
- audit_rules_dac_modification_fchown
- # RHEL-08-030530
+ # RHEL-08-030490
+ - audit_rules_dac_modification_chmod
- audit_rules_dac_modification_fchmodat
-
- # RHEL-08-030540
- audit_rules_dac_modification_fchmod
# RHEL-08-030550