Merge pull request #10161 from truzzon/misc_fixes

Misc CIS/SLE* related updates

controls/cis_alinux2.yml

@@ -316,7 +316,7 @@ controls:
     status: automated
     rules:
     - banner_etc_motd
-    - login_banner_text=cis_banners
+    - motd_banner_text=cis_banners
 
   - id: 1.7.1.2
     title: Ensure local login warning banner is configured properly (Scored)
@@ -334,7 +334,7 @@ controls:
     status: automated
     rules:
     - banner_etc_issue_net
-    - login_banner_text=cis_banners
+    - remote_login_banner_text=cis_banners
 
   - id: 1.7.1.4
     title: Ensure permissions on /etc/motd are configured (Not Scored)
@@ -875,7 +875,7 @@ controls:
     - auditd_data_retention_action_mail_acct
     - var_auditd_action_mail_acct=root
     - auditd_data_retention_admin_space_left_action
-    - var_auditd_admin_space_left_action=halt 
+    - var_auditd_admin_space_left_action=halt
 
   - id: 4.1.1.3
     title: Ensure audit logs are not automatically deleted (Scored)
@@ -885,7 +885,7 @@ controls:
     rules:
     - auditd_data_retention_max_log_file_action
     - var_auditd_max_log_file_action=keep_logs
- 
+
   - id: 4.1.2
     title: Ensure auditd service is enabled (Scored)
     levels:
@@ -1206,15 +1206,15 @@ controls:
     - l1
     status: automated
     rules:
-    - sshd_allow_only_protocol2 
+    - sshd_allow_only_protocol2
 
   - id: 5.2.3
     title: Ensure permissions on SSH private host key files are configured (Scored)
     levels:
     - l1
     status: automated
     rules:
-    - file_permissions_sshd_private_key 
+    - file_permissions_sshd_private_key
 
   - id: 5.2.4
     title: Ensure permissions on SSH public host key files are configured (Scored)

controls/cis_alinux3.yml

@@ -209,7 +209,7 @@ controls:
     status: automated
     rules:
       - banner_etc_motd
-      - login_banner_text=cis_banners
+      - motd_banner_text=cis_banners
 
   - id: 1.2.2
     title: Ensure local login warning banner is configured properly (Automated)
@@ -224,7 +224,10 @@ controls:
     title: Ensure remote login warning banner is configured properly (Automated)
     levels:
       - l1
-    status: planned
+    status: automated
+    rules:
+      - banner_etc_issue_net
+      - remote_login_banner_text=cis_banners
 
   - id: 1.2.4
     title: Ensure permissions on /etc/motd are configured (Automated)

controls/cis_rhel7.yml

@@ -483,7 +483,7 @@ controls:
     status: automated
     rules:
     - banner_etc_motd
-    - login_banner_text=cis_banners
+    - motd_banner_text=cis_banners
 
   - id: 1.7.2
     title: Ensure local login warning banner is configured properly (Automated)
@@ -503,7 +503,7 @@ controls:
     status: automated
     rules:
       - banner_etc_issue_net
-      - login_banner_text=cis_banners
+      - remote_login_banner_text=cis_banners
 
   - id: 1.7.4
     title: Ensure permissions on /etc/motd are configured (Automated)

controls/cis_rhel8.yml

@@ -533,7 +533,7 @@ controls:
     status: automated
     rules:
       - banner_etc_motd
-      - login_banner_text=cis_banners
+      - motd_banner_text=cis_banners
 
   - id: 1.7.2
     title: Ensure local login warning banner is configured properly (Automated)
@@ -553,7 +553,7 @@ controls:
     status: automated
     rules:
       - banner_etc_issue_net
-      - login_banner_text=cis_banners
+      - remote_login_banner_text=cis_banners
 
   - id: 1.7.4
     title: Ensure permissions on /etc/motd are configured (Automated)

controls/cis_rhel9.yml

@@ -502,7 +502,7 @@ controls:
     status: automated
     rules:
       - banner_etc_motd
-      - login_banner_text=cis_banners
+      - motd_banner_text=cis_banners
 
   - id: 1.7.2
     title: Ensure local login warning banner is configured properly (Automated)
@@ -522,7 +522,7 @@ controls:
     status: automated
     rules:
       - banner_etc_issue_net
-      - login_banner_text=cis_banners
+      - remote_login_banner_text=cis_banners
 
   - id: 1.7.4
     title: Ensure permissions on /etc/motd are configured (Automated)

controls/cis_sle12.yml

@@ -34,7 +34,7 @@ controls:
     - l2_workstation
     status: automated
     rules:
-    - kernel_module_cramfs_disabled 
+    - kernel_module_cramfs_disabled
     - kernel_module_squashfs_disabled
 
   - id: 1.1.1.2
@@ -250,10 +250,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: manual  
-    notes: >- 
-       The control cannot be automated, 
-       and should be addressed manually. 
+    status: manual
+    notes: >-
+       The control cannot be automated,
+       and should be addressed manually.
     rules:
       - ensure_GPG_keys_are_configured
 
@@ -262,10 +262,10 @@ controls:
     levels:
     - l1_server
     - l1_workstation
-    status: manual 
-    notes: >- 
-       The control cannot be automated, 
-       and should be addressed manually. 
+    status: manual
+    notes: >-
+       The control cannot be automated,
+       and should be addressed manually.
     rules:
     - ensure_package_repositories_are_configured
 
@@ -433,7 +433,7 @@ controls:
       - l1_server
       - l1_workstation
     status: automated
-    rules: 
+    rules:
       - all_apparmor_profiles_in_enforce_complain_mode
       - var_apparmor_mode=complain
 
@@ -454,7 +454,7 @@ controls:
     status: automated
     rules:
       - banner_etc_motd
-      - login_banner_text=cis_banners
+      - motd_banner_text=cis_banners
 
   - id: 1.8.1.2
     title: Ensure local login warning banner is configured properly (Automated)
@@ -474,7 +474,7 @@ controls:
     status: automated
     rules:
       - banner_etc_issue_net
-      - login_banner_text=cis_banners 
+      - remote_login_banner_text=cis_banners
 
   - id: 1.8.1.4
     title: Ensure permissions on /etc/motd are configured (Automated)
@@ -518,7 +518,7 @@ controls:
     related_rules:
     - security_patches_up_to_date
 
-  - id: "1.10"
+  - id: 1.10
     title: Ensure GDM login banner is configured (Automated)
     levels:
       - l1_server
@@ -1029,17 +1029,17 @@ controls:
     levels:
     - l1_server
     - l1_workstation
-    status: automated 
-    rules: 
+    status: automated
+    rules:
     - set_iptables_default_rule
 
   - id: 3.5.3.1
     title: Ensure IPv6 loopback traffic is configured (Automated)
     levels:
     - l1_server
     - l1_workstation
-    status: automated 
-    rules: 
+    status: automated
+    rules:
     - set_ipv6_loopback_traffic
 
   - id: 3.5.3.2
@@ -1070,7 +1070,7 @@ controls:
     levels:
       - l2_server
       - l2_workstation
-    status: automated 
+    status: automated
     rules:
       - package_audit_installed
       - package_audit-libs_installed
@@ -1177,7 +1177,7 @@ controls:
     levels:
     - l2_server
     - l2_workstation
-    status: automated 
+    status: automated
     rules:
     - audit_rules_mac_modification
     - audit_rules_mac_modification_usr_share
@@ -1331,7 +1331,7 @@ controls:
       - l1_server
       - l1_workstation
     status: automated
-    rules: 
+    rules:
       - rsyslog_files_permissions
       - rsyslog_files_ownership
       - rsyslog_files_groupownership
@@ -1796,7 +1796,7 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated 
+    status: automated
     rules:
       - accounts_maximum_age_login_defs
       - var_accounts_maximum_age_login_defs=365
@@ -1807,7 +1807,7 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated 
+    status: automated
     rules:
       - accounts_minimum_age_login_defs
       - var_accounts_minimum_age_login_defs=1
@@ -2073,7 +2073,7 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated 
+    status: automated
     rules:
       - accounts_user_interactive_home_directory_exists
 
@@ -2196,6 +2196,6 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated 
+    status: automated
     rules:
       - ensure_shadow_group_empty