Merge pull request #5749 from willumpie/cis_partitions_rules

Cis partitions rules

linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml

@@ -40,6 +40,7 @@ references:
     stigid@rhel6: "000336"
     srg@rhel6: SRG-OS-999999
     cis@rhe8: 1.1.21
+    cis@ubuntu1804: 1.1.20
     nist: CM-6(a),AC-6(1)
     nist-csf: PR.AC-4,PR.DS-5
     isa-62443-2013: 'SR 2.1,SR 5.2'

linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804
 
 title: 'Disable the Automounter'
 
@@ -35,6 +35,7 @@ references:
     stigid@rhel6: "000526"
     srg@rhel6: SRG-OS-999999
     cis@rhel8: 1.1.22
+    cis@ubuntu1804: 1.1.21
     cui: 3.4.6
     disa: 366,778,1958
     hipaa: 164.308(a)(3)(i),164.308(a)(3)(ii)(A),164.310(d)(1),164.310(d)(2),164.312(a)(1),164.312(a)(2)(iv),164.312(b)

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml

@@ -24,6 +24,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.5
+    cis@ubuntu1804: 1.1.14
     stigid@ol7: "021022"
     disa: "1764"
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Add noexec Option to /dev/shm'
 
@@ -27,6 +27,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.17
+    cis@ubuntu1804: 1.1.16
     stigid@ol7: "021024"
     disa: "1764"
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml

@@ -24,6 +24,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.16
+    cis@ubuntu1804: 1.1.15
     stigid@ol7: "021023"
     disa: "1764"
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7

linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Add nodev Option to /home'
 
@@ -28,6 +28,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.14
+    cis@ubuntu1804: 1.1.13
     anssi: NT28(R12)
     srg: SRG-OS-000368-GPOS-00154
     cis@sle15: 1.1.15

linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804
 
 title: 'Add nodev Option to Removable Media Partitions'
 
@@ -28,6 +28,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.18
+    cis@ubuntu1804: 1.1.17
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'

linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804
 
 title: 'Add noexec Option to Removable Media Partitions'
 
@@ -27,6 +27,7 @@ references:
     stigid@rhel6: "000271"
     srg@rhel6: SRG-OS-000035
     cis@rhel8: 1.1.20
+    cis@ubuntu1804: 1.1.19
     disa: "87"
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3

linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4,ubuntu1804
 
 title: 'Add nosuid Option to Removable Media Partitions'
 
@@ -27,6 +27,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.19
+    cis@ubuntu1804: 1.1.18
     stigid@ol7: "021010"
     disa: "366"
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7

linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804
 
 title: 'Add nodev Option to /tmp'
 
@@ -25,6 +25,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.3
+    cis@ubuntu1804: 1.1.3
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'

linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml

@@ -28,6 +28,7 @@ references:
     srg@rhel6: SRG-OS-999999
     disa@rhel6: '381'
     cis@rhel8: 1.1.5
+    cis@sle15: 1.1.6
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
@@ -37,7 +38,6 @@ references:
     cis-csc: 11,13,14,3,8,9
     anssi: NT28(R12)
     srg: SRG-OS-000368-GPOS-00154
-    cis@sle15: 1.1.6
 
 platform: machine
 

linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804
 
 title: 'Add nosuid Option to /tmp'
 
@@ -25,6 +25,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.4
+    cis@ubuntu1804: 1.1.4
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Add nodev Option to /var/tmp'
 
@@ -26,6 +26,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.8
+    cis@ubuntu1804: 1.1.7
     anssi: NT28(R12)
     srg: SRG-OS-000368-GPOS-00154
     cis@sle15: 1.1.9

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
+prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Add noexec Option to /var/tmp'
 
@@ -26,6 +26,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.10
+    cis@ubuntu1804: 1.1.9
     anssi: NT28(R12)
     srg: SRG-OS-000368-GPOS-00154
     cis@sle15: 1.1.11

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
+prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Add nosuid Option to /var/tmp'
 
@@ -26,6 +26,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.9
+    cis@ubuntu1804: 1.1.8
     anssi: NT28(R12)
     srg: SRG-OS-000368-GPOS-00154
     cis@sle15: 1.1.10

linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml

@@ -29,6 +29,7 @@ references:
     srg@rhel6: SRG-OS-999999
     nist@rhel6: SC-32
     cis@rhel8: 1.1.13
+    cis@ubuntu1804: 1.1.12
     disa: 366,1208
     nist: CM-6(a),SC-5(2)
     nist-csf: PR.PT-4

linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml

@@ -27,6 +27,7 @@ references:
     nist@rhel6: SC-32
     disa@rhel6: '1208'
     cis@rhel8: 1.1.2
+    cis@ubuntu1804: 1.1.2
     disa: "366"
     nist: CM-6(a),SC-5(2)
     nist-csf: PR.PT-4

linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml

@@ -29,6 +29,7 @@ references:
     nist@rhel6: SC-32
     disa@rhel6: '1208'
     cis@rhel8: 1.1.6
+    cis@ubuntu1804: 1.1.5
     disa: "366"
     nist: CM-6(a),SC-5(2)
     nist-csf: PR.PT-4

linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml

@@ -26,6 +26,7 @@ references:
     srg@rhel6: SRG-OS-999999
     disa@rhel6: '1208'
     cis@rhel8: 1.1.11
+    cis@ubuntu1804: 1.1.10
     nist: CM-6(a),AU-4,SC-5(2)
     nist-csf: PR.PT-1,PR.PT-4
     isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 7.1,SR 7.6'

linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml

@@ -31,6 +31,7 @@ references:
     nist-csf@rhel6: PR.PT-4
     disa@rhel6: 1208,137,138
     cis@rhel8: 1.1.12
+    cis@ubuntu1804: 1.1.11
     disa: 366,1849
     hipaa: 164.312(a)(2)(ii)
     iso27001-2013: A.12.1.3,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.17.2.1

linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
 
 title: 'Ensure /var/tmp Located On Separate Partition'
 
@@ -23,6 +23,7 @@ identifiers:
 
 references:
     cis@rhel8: 1.1.7
+    cis@ubuntu1804: 1.1.6
     anssi: NT28(R12)
     cis@sle15: 1.1.8