Update 4.1.3.19 CIS requirement for RHEL8 and RHEL9

This requirement is now complete and better aligned to the CIS Benchmark for RHEL8 and RHEL9.
ComplianceAsCode · Apr 25, 2023 · 957b1de · 957b1de
1 parent f223ce6
commit 957b1de
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 17 deletions.
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
@@ -1660,19 +1660,19 @@ controls:
     rules:
       - audit_rules_privileged_commands_usermod
 
-  # NEEDS RULE
   - id: 4.1.3.19
     title: Ensure kernel module loading, unloading and modification is collected (Automated)
     levels:
       - l2_server
       - l2_workstation
-    status: partial
+    status: automated
     rules:
+      - audit_rules_kernel_module_loading_create
       - audit_rules_kernel_module_loading_delete
+      - audit_rules_kernel_module_loading_finit
       - audit_rules_kernel_module_loading_init
-      - audit_rules_privileged_commands_insmod
-      - audit_rules_privileged_commands_modprobe
-      - audit_rules_privileged_commands_rmmod
+      - audit_rules_kernel_module_loading_query
+      - audit_rules_privileged_commands_kmod
 
   - id: 4.1.3.20
     title: Ensure the audit configuration is immutable (Automated)

diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
@@ -1412,19 +1412,19 @@ controls:
     rules:
       - audit_rules_privileged_commands_usermod
 
-  # NEEDS RULE
   - id: 4.1.3.19
     title: Ensure kernel module loading, unloading and modification is collected (Automated)
     levels:
       - l2_server
       - l2_workstation
-    status: partial
+    status: automated
     rules:
+      - audit_rules_kernel_module_loading_create
       - audit_rules_kernel_module_loading_delete
+      - audit_rules_kernel_module_loading_finit
       - audit_rules_kernel_module_loading_init
-      - audit_rules_privileged_commands_insmod
-      - audit_rules_privileged_commands_modprobe
-      - audit_rules_privileged_commands_rmmod
+      - audit_rules_kernel_module_loading_query
+      - audit_rules_privileged_commands_kmod
 
   - id: 4.1.3.20
     title: Ensure the audit configuration is immutable (Automated)

diff --git a/...figure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/...figure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -43,7 +43,8 @@ references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
     cis@alinux2: 4.1.17
     cis@rhel7: 4.1.17
-    cis@rhel8: 4.1.15
+    cis@rhel8: 4.1.3.19
+    cis@rhel9: 4.1.3.19
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
     cui: 3.1.7
     disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884

diff --git a/...configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/...configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -36,8 +36,6 @@ references:
     anssi: BP28(R73)
     cis@alinux2: 4.1.17
     cis@rhel7: 4.1.16
-    cis@rhel8: 4.1.3.19
-    cis@rhel9: 4.1.3.19
     cis@sle12: 4.1.16
     cis@sle15: 4.1.16
     cis@ubuntu2004: 4.1.16

diff --git a/...d_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/...d_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
@@ -45,6 +45,8 @@ identifiers:
 references:
     anssi: BP28(R73)
     cis@alinux3: 4.1.3.20
+    cis@rhel8: 4.1.3.19
+    cis@rhel9: 4.1.3.19
     disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
     nist: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)AU-12(c),MA-4(1)(a)
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222

diff --git a/...nfigure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/...nfigure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -40,8 +40,6 @@ references:
     anssi: BP28(R73)
     cis@alinux2: 4.1.17
     cis@rhel7: 4.1.16
-    cis@rhel8: 4.1.3.19
-    cis@rhel9: 4.1.3.19
     cis@sle12: 4.1.16
     cis@sle15: 4.1.16
     cis@ubuntu2004: 4.1.16

diff --git a/..._configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/..._configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -36,8 +36,6 @@ references:
     anssi: BP28(R73)
     cis@alinux2: 4.1.17
     cis@rhel7: 4.1.16
-    cis@rhel8: 4.1.3.19
-    cis@rhel9: 4.1.3.19
     cis@sle12: 4.1.16
     cis@sle15: 4.1.16
     cis@ubuntu2004: 4.1.16