Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suse sle15 fix reference sles 15 030350 assignment #7346

Merged
merged 3 commits into from
Aug 6, 2021
Merged

Suse sle15 fix reference sles 15 030350 assignment #7346

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
932af26
Move stig reference id SLES-15-030350 and related ids from audit_rule…
teacup-on-rockingchair Aug 6, 2021
21c7434
Move reference of stigid SLES-15-030360 and related ids from audit_ru…
teacup-on-rockingchair Aug 6, 2021
b8f5640
Replace mount/umount command related rules to syscall rules in sle15 …
teacup-on-rockingchair Aug 6, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions ...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,14 @@ severity: medium

identifiers:
cce@sle12: CCE-83218-8
cce@sle15: CCE-85734-2

references:
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@sle12: SLES-12-020300
stigid@sle15: SLES-15-030360

{{{ complete_ocil_entry_audit_syscall(syscall="umount") }}}

Expand Down
7 changes: 2 additions & 5 deletions ..._configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,17 @@ identifiers:
cce@rhel7: CCE-81064-8
cce@rhel8: CCE-80989-7
cce@sle12: CCE-83145-3
cce@sle15: CCE-85718-5

references:
cis@ubuntu2004: 4.1.11
disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
disa: CCI-000135,CCI-000172,CCI-002884
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)
ospp: FAU_GEN.1.1.c
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000392-GPOS-00172
stigid@ol7: OL07-00-030740
stigid@rhel7: RHEL-07-030740
stigid@rhel8: RHEL-08-030300
stigid@sle12: SLES-12-020290
stigid@sle15: SLES-15-030350
stigid@ubuntu2004: UBTU-20-010138
vmmsrg: SRG-OS-000471-VMM-001910

Expand Down
7 changes: 2 additions & 5 deletions ...configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,27 +40,24 @@ identifiers:
cce@rhel8: CCE-80739-6
cce@rhel9: CCE-83762-5
cce@sle12: CCE-83158-6
cce@sle15: CCE-85734-2

references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
cis@ubuntu2004: 4.1.11
cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
cui: 3.1.7
disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
disa: CCI-000135,CCI-000172,CCI-002884
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9,SR 6.1,SR 6.2'
iso27001-2013: A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.14.2.7,A.15.2.1,A.15.2.2
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.PT-1
nist@sle15: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215
stigid@ol7: OL07-00-030750
stigid@rhel7: RHEL-07-030750
stigid@rhel8: RHEL-08-030301
stigid@sle12: SLES-12-020300
stigid@sle15: SLES-15-030360
stigid@ubuntu2004: UBTU-20-010139
vmmsrg: SRG-OS-000471-VMM-001910

Expand Down
2 changes: 2 additions & 0 deletions linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ identifiers:
cce@rhel8: CCE-80722-2
cce@rhel9: CCE-83735-1
cce@sle12: CCE-83217-0
cce@sle15: CCE-85718-5

references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
Expand All @@ -51,6 +52,7 @@ references:
stigid@rhel7: RHEL-07-030740
stigid@rhel8: RHEL-08-030302
stigid@sle12: SLES-12-020290
stigid@sle15: SLES-15-030350

ocil_clause: 'there is no output'

Expand Down
4 changes: 2 additions & 2 deletions products/sle15/profiles/stig.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ selections:
- audit_rules_dac_modification_lsetxattr
- audit_rules_dac_modification_removexattr
- audit_rules_dac_modification_setxattr
- audit_rules_dac_modification_umount
- audit_rules_enable_syscall_auditing
- audit_rules_execution_chacl
- audit_rules_execution_chmod
Expand All @@ -102,13 +103,13 @@ selections:
- audit_rules_kernel_module_loading_init
- audit_rules_login_events_lastlog
- audit_rules_login_events_tallylog
- audit_rules_media_export
- audit_rules_privileged_commands_chage
- audit_rules_privileged_commands_chfn
- audit_rules_privileged_commands_chsh
- audit_rules_privileged_commands_crontab
- audit_rules_privileged_commands_gpasswd
- audit_rules_privileged_commands_kmod
- audit_rules_privileged_commands_mount
- audit_rules_privileged_commands_modprobe
- audit_rules_privileged_commands_newgrp
- audit_rules_privileged_commands_pam_timestamp_check
Expand All @@ -124,7 +125,6 @@ selections:
- audit_rules_privileged_commands_unix2_chkpwd
- audit_rules_privileged_commands_usermod
- audit_rules_privileged_commands_sudoedit
- audit_rules_privileged_commands_umount
- audit_rules_session_events_utmp
- audit_rules_session_events_wtmp
- audit_rules_suid_privilege_function
Expand Down