-
Notifications
You must be signed in to change notification settings - Fork 686
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7876 from Mab879/load_controls_from_folder
Add the ability to load controls from folder
- Loading branch information
Showing
6 changed files
with
133 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
policy: JKLM Benchmark for securing Linux systems | ||
title: JKLM Benchmark for securing Linux systems | ||
id: jklm | ||
version: 1.2.3 | ||
source: https://www.example.com/jklm/linux.pdf | ||
controls: | ||
- id: R2 | ||
title: Minimization of configuration | ||
description: >- | ||
The features configured at the level of launched services | ||
should be limited to the strict minimum. | ||
automated: no | ||
note: >- | ||
This is individual depending on the system workload | ||
therefore needs to be audited manually. | ||
related_rules: | ||
- systemd_target_multi_use | ||
- id: R4 | ||
title: Configure authentication | ||
description: >- | ||
Ensure authentication methods are functional to prevent | ||
unauthorized access to the system. | ||
controls: | ||
- id: R4.a | ||
title: Disable administrator accounts | ||
automated: yes | ||
rules: | ||
- accounts_passwords_pam_faillock_deny_root | ||
- id: R4.b | ||
title: Enforce password quality standards | ||
automated: yes | ||
rules: | ||
- accounts_password_pam_minlen | ||
- accounts_password_pam_ocredit | ||
- var_password_pam_ocredit=1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
controls: | ||
- id: R1 | ||
title: User session timeout | ||
description: >- | ||
Remote user sessions must be closed after a certain | ||
period of inactivity. | ||
automated: yes | ||
rules: | ||
- sshd_set_idle_timeout | ||
- accounts_tmout | ||
- var_accounts_tmout=10_min | ||
- configure_crypto_policy | ||
notes: >- | ||
Certain period of inactivity is vague. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
controls: | ||
- id: R3 | ||
title: Enabling SELinux targeted Policy | ||
description: >- | ||
It is recommended to enable SELinux in enforcing mode | ||
and to use the targeted policy. | ||
automated: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters