Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cis partitions rules #5749

Merged
merged 4 commits into from
May 12, 2020
Merged

Cis partitions rules #5749

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5879a87
Add cis partitions rules
willumpie May 6, 2020
87fdc58
Add rules for paritions to ubuntu
willumpie May 6, 2020
9da3486
remove duplicate CIS@Ubuntu1804 entry
willumpie May 11, 2020
d8fd332
restore mount_option_tmp_noexec changes
willumpie May 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ references:
stigid@rhel6: "000336"
srg@rhel6: SRG-OS-999999
cis@rhe8: 1.1.21
cis@ubuntu1804: 1.1.20
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
isa-62443-2013: 'SR 2.1,SR 5.2'
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804

title: 'Disable the Automounter'

Expand Down Expand Up @@ -35,6 +35,7 @@ references:
stigid@rhel6: "000526"
srg@rhel6: SRG-OS-999999
cis@rhel8: 1.1.22
cis@ubuntu1804: 1.1.21
cui: 3.4.6
disa: 366,778,1958
hipaa: 164.308(a)(3)(i),164.308(a)(3)(ii)(A),164.310(d)(1),164.310(d)(2),164.312(a)(1),164.312(a)(2)(iv),164.312(b)
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ identifiers:

references:
cis@rhel8: 1.1.5
cis@ubuntu1804: 1.1.14
stigid@ol7: "021022"
disa: "1764"
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Add noexec Option to /dev/shm'

Expand All @@ -27,6 +27,7 @@ identifiers:

references:
cis@rhel8: 1.1.17
cis@ubuntu1804: 1.1.16
stigid@ol7: "021024"
disa: "1764"
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ identifiers:

references:
cis@rhel8: 1.1.16
cis@ubuntu1804: 1.1.15
stigid@ol7: "021023"
disa: "1764"
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Add nodev Option to /home'

Expand Down Expand Up @@ -28,6 +28,7 @@ identifiers:

references:
cis@rhel8: 1.1.14
cis@ubuntu1804: 1.1.13
anssi: NT28(R12)
srg: SRG-OS-000368-GPOS-00154
cis@sle15: 1.1.15
Expand Down
3 changes: 2 additions & 1 deletion ...x_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804

title: 'Add nodev Option to Removable Media Partitions'

Expand Down Expand Up @@ -28,6 +28,7 @@ identifiers:

references:
cis@rhel8: 1.1.18
cis@ubuntu1804: 1.1.17
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
Expand Down
3 changes: 2 additions & 1 deletion ..._os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804

title: 'Add noexec Option to Removable Media Partitions'

Expand All @@ -27,6 +27,7 @@ references:
stigid@rhel6: "000271"
srg@rhel6: SRG-OS-000035
cis@rhel8: 1.1.20
cis@ubuntu1804: 1.1.19
disa: "87"
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
Expand Down
3 changes: 2 additions & 1 deletion ..._os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4,ubuntu1804

title: 'Add nosuid Option to Removable Media Partitions'

Expand All @@ -27,6 +27,7 @@ identifiers:

references:
cis@rhel8: 1.1.19
cis@ubuntu1804: 1.1.18
stigid@ol7: "021010"
disa: "366"
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804

title: 'Add nodev Option to /tmp'

Expand All @@ -25,6 +25,7 @@ identifiers:

references:
cis@rhel8: 1.1.3
cis@ubuntu1804: 1.1.3
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
Expand Down
2 changes: 1 addition & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ references:
srg@rhel6: SRG-OS-999999
disa@rhel6: '381'
cis@rhel8: 1.1.5
cis@sle15: 1.1.6
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
Expand All @@ -37,7 +38,6 @@ references:
cis-csc: 11,13,14,3,8,9
anssi: NT28(R12)
srg: SRG-OS-000368-GPOS-00154
cis@sle15: 1.1.6
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sle15 removed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

restored


platform: machine

Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15
prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804

title: 'Add nosuid Option to /tmp'

Expand All @@ -25,6 +25,7 @@ identifiers:

references:
cis@rhel8: 1.1.4
cis@ubuntu1804: 1.1.4
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Add nodev Option to /var/tmp'

Expand All @@ -26,6 +26,7 @@ identifiers:

references:
cis@rhel8: 1.1.8
cis@ubuntu1804: 1.1.7
anssi: NT28(R12)
srg: SRG-OS-000368-GPOS-00154
cis@sle15: 1.1.9
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Add noexec Option to /var/tmp'

Expand All @@ -26,6 +26,7 @@ identifiers:

references:
cis@rhel8: 1.1.10
cis@ubuntu1804: 1.1.9
anssi: NT28(R12)
srg: SRG-OS-000368-GPOS-00154
cis@sle15: 1.1.11
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15
prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Add nosuid Option to /var/tmp'

Expand All @@ -26,6 +26,7 @@ identifiers:

references:
cis@rhel8: 1.1.9
cis@ubuntu1804: 1.1.8
anssi: NT28(R12)
srg: SRG-OS-000368-GPOS-00154
cis@sle15: 1.1.10
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ references:
srg@rhel6: SRG-OS-999999
nist@rhel6: SC-32
cis@rhel8: 1.1.13
cis@ubuntu1804: 1.1.12
disa: 366,1208
nist: CM-6(a),SC-5(2)
nist-csf: PR.PT-4
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ references:
nist@rhel6: SC-32
disa@rhel6: '1208'
cis@rhel8: 1.1.2
cis@ubuntu1804: 1.1.2
disa: "366"
nist: CM-6(a),SC-5(2)
nist-csf: PR.PT-4
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ references:
nist@rhel6: SC-32
disa@rhel6: '1208'
cis@rhel8: 1.1.6
cis@ubuntu1804: 1.1.5
disa: "366"
nist: CM-6(a),SC-5(2)
nist-csf: PR.PT-4
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ references:
srg@rhel6: SRG-OS-999999
disa@rhel6: '1208'
cis@rhel8: 1.1.11
cis@ubuntu1804: 1.1.10
nist: CM-6(a),AU-4,SC-5(2)
nist-csf: PR.PT-1,PR.PT-4
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 7.1,SR 7.6'
Expand Down
1 change: 1 addition & 0 deletions linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ references:
nist-csf@rhel6: PR.PT-4
disa@rhel6: 1208,137,138
cis@rhel8: 1.1.12
cis@ubuntu1804: 1.1.11
disa: 366,1849
hipaa: 164.312(a)(2)(ii)
iso27001-2013: A.12.1.3,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.17.2.1
Expand Down
3 changes: 2 additions & 1 deletion linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15
prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804

title: 'Ensure /var/tmp Located On Separate Partition'

Expand All @@ -23,6 +23,7 @@ identifiers:

references:
cis@rhel8: 1.1.7
cis@ubuntu1804: 1.1.6
anssi: NT28(R12)
cis@sle15: 1.1.8

Expand Down