From fae75e8f00cf5de18c4c1813d94987e848f14233 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 24 Nov 2022 14:40:15 +0100
Subject: [PATCH] Map selinux_user_login_roles to RHEL-08-040400
This STIG ID is a new addition in DISA RHEL8 STIG V1R8
---
.../guide/system/selinux/selinux_user_login_roles/rule.yml | 2 ++
products/rhel8/profiles/stig.profile | 3 +++
shared/references/cce-redhat-avail.txt | 1 -
tests/data/profile_stability/rhel8/stig.profile | 1 +
tests/data/profile_stability/rhel8/stig_gui.profile | 1 +
5 files changed, 7 insertions(+), 1 deletion(-)
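diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
index 053d4341bbd..d4c211c1062 100644
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
@@ -34,6 +34,7 @@ severity: medium
 
 identifiers:
 cce@rhel7: CCE-80543-2
+ cce@rhel8: CCE-86353-0
 
 references:
 disa: CCI-002165,CCI-002235
@@ -41,6 +42,7 @@ references:
 stigid@ol7: OL07-00-020020
 stigid@ol8: OL08-00-040400
 stigid@rhel7: RHEL-07-020020
+ stigid@rhel8: RHEL-08-040400
 
 ocil_clause: 'non-admin users are not confined correctly'
 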
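diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index d184957f28c..fe699f34beb 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -1207,5 +1207,8 @@ selections:
 # RHEL-08-040390
 - package_tuned_removed
 
+ # RHEL-08-040400
+ - selinux_user_login_roles
+
 # RHEL-08-010163
 - package_krb5-server_removed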
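Review bot: The new `- selinux_user_login_roles` selection under `# RHEL-08-040400` does not say how the rule is evaluated on rhel8, and nothing in this patch shows whether it has an automated check or remediation. The rule.yml hunk starts at line 34, so any product restriction or check/remediation metadata above it is not visible here. If the rule turns out to be assessed manually, a scan result alone would not show that non-admin users are confined. In that case the profile comment should say so, for example `# RHEL-08-040400 (manual review of SELinux user mappings)`; otherwise the commit message could note that the existing check covers rhel8.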
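diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index d2fcd6421e1..9575ecac8c9 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -210,7 +210,6 @@ CCE-86343-1
 CCE-86347-2
 CCE-86351-4
 CCE-86352-2
-CCE-86353-0
 CCE-86355-5
 CCE-86357-1
 CCE-86358-9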
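diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index 51971451996..6ddf29e7bfe 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -343,6 +343,7 @@ selections:
 - security_patches_up_to_date
 - selinux_policytype
 - selinux_state
+- selinux_user_login_roles
 - service_auditd_enabled
 - service_autofs_disabled
 - service_debug-shell_disabled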
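diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index fd150744167..fb8f5602dac 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -353,6 +353,7 @@ selections:
 - security_patches_up_to_date
 - selinux_policytype
 - selinux_state
+- selinux_user_login_roles
 - service_auditd_enabled
 - service_autofs_disabled
 - service_debug-shell_disabled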