8000 Introduce new rule audit_rules_dac_modification_fchmodat2 by jan-cerny · Pull Request #13335 · ComplianceAsCode/content · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Introduce new rule audit_rules_dac_modification_fchmodat2 #13335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 23, 2025
Merged

Introduce new rule audit_rules_dac_modification_fchmodat2 #13335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions components/audit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ rules:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/anssi.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1511,6 +1511,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/cis_rhel10.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2559,6 +2559,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
7 changes: 7 additions & 0 deletions controls/hipaa.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -219,6 +220,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -415,6 +417,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -1145,6 +1148,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -1283,6 +1287,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -1451,6 +1456,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down Expand Up @@ -1548,6 +1554,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/pcidss_4.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2869,6 +2869,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000037-GPOS-00015.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000042-GPOS-00020.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000062-GPOS-00031.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000064-GPOS-00033.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000392-GPOS-00172.yml
528C
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000462-GPOS-00206.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000466-GPOS-00210.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000471-GPOS-00215.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ controls:
- audit_rules_dac_modification_chown
- audit_rules_dac_modification_fchmod
- audit_rules_dac_modification_fchmodat
- audit_rules_dac_modification_fchmodat2
- audit_rules_dac_modification_fchown
- audit_rules_dac_modification_fchownat
- audit_rules_dac_modification_fremovexattr
Expand Down
3 changes: 3 additions & 0 deletions ...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,3 +85,6 @@ template:
- chmod
- fchmod
- fchmodat
{{% if product == "rhel10" %}}
- fchmodat2
{{% endif %}}
26 changes: 26 additions & 0 deletions ...ure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat2/policy/stig/shared.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
srg_requirement: |-
Successful/unsuccessful uses of the fchmodat2 system call in {{{ full_name }}} must generate an audit record.

vuldiscussion: |-
The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.

checktext: |-
To determine if the system is configured to audit calls to the
fchmodat2 system call, run the following command:
$ sudo grep "fchmodat2" /etc/audit/audit.*
If the system is configured to audit this activity, it will return a line.


If no line is returned, then this is a finding.

fixtext: |-
Configure the audit system to generate an audit event for any successful/unsuccessful use of the "fchmodat2" system call by adding or updating the following rules in the "/etc/audit/rules.d/audit.rules" file:
-a always,exit -F arch=b32 -S fchmodat2 -F auid>={{{ uid_min }}} -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S fchmodat2 -F auid>={{{ uid_min }}} -F auid!=unset -k perm_mod

It's allowed to group this system call within the same line as "chmod", "fchmod", "fchmodat" and "fchmodat2".

The audit daemon must be restarted for the changes to take effect.
59 changes: 59 additions & 0 deletions .../auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat2/rule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
documentation_complete: true

title: 'Record Events that Modify the System''s Discretionary Access Controls - fchmodat2'

description: |-
At a minimum, the audit system should collect file permission
changes for all users and root. If the <tt>auditd</tt> daemon is configured to
use the <tt>augenrules</tt> program to read audit rules during daemon startup
(the default), add the following line to a file with suffix <tt>.rules</tt> in
the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>

rationale: |-
The changing of file permissions could indicate that a user is attempting to
gain access to information that would otherwise be disallowed. Auditing DAC modifications
can facilitate the identification of patterns of abuse among both authorized and
unauthorized users.

severity: medium

identifiers:
cce@rhel10: CCE-86535-2

references:
disa: CCI-000172,CCI-000130,CCI-000135,CCI-000169,CCI-002884
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255

{{{ complete_ocil_entry_audit_syscall(syscall="fchmodat2") }}}

warnings:
- general: |-
Note that these rules can be configured in a
number of ways while still achieving the desired effect. Here the system calls
have been placed independent of other system calls. Grouping these system
calls with others as identifying earlier in this guide is more efficient.

fixtext: |-
{{{ fixtext_audit_rules_dac_modification_chmod("fchmodat2") | indent(4) }}}

srg_requirement: '{{{ srg_requirement_audit_syscall("fchmodat2") }}}'

template:
name: audit_rules_dac_modification
vars:
attr: fchmodat2
syscall_grouping:
- chmod
- fchmod
- fchmodat
- fchmodat2
3 changes: 3 additions & 0 deletions ...nfigure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat2/tests/ocp4/e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
default_result: FAIL
result_after_remediation: PASS
8 changes: 8 additions & 0 deletions linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/group.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,20 @@ description: |-
still achieving the desired effect. An example of this is that the "-S" calls
could be split up and placed on separate lines, however, this is less efficient.
Add the following to <tt>/etc/audit/audit.rules</tt>:
{{% if product == "rhel10" %}}
<pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
{{% else %}}
<pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
{{% endif %}}
-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
If your system is 64 bit then these lines should be duplicated and the
arch=b32 replaced with arch=b64 as follows:
{{% if product == "rhel10" %}}
<pre>-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,fchmodat2 -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
{{% else %}}
<pre>-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
{{% endif %}}
-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>

1 change: 1 addition & 0 deletions products/alinux2/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,3 +109,4 @@ selections:
- '!service_timesyncd_enabled'
- '!package_cryptsetup-luks_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/alinux3/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,3 +117,4 @@ selections:
- '!service_timesyncd_enabled'
- '!package_cryptsetup-luks_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/almalinux9/profiles/anssi_bp28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ selections:
- '!file_owner_efi_user_cfg'
- '!file_permissions_efi_user_cfg'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# disable R45: Enable AppArmor security profiles
- '!apparmor_configured'
- '!all_apparmor_profiles_enforced'
Expand Down
1 change: 1 addition & 0 deletions products/almalinux9/profiles/anssi_bp28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ selections:
- '!ensure_redhat_gpgkey_installed'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# disable R45: Enable AppArmor security profiles
- '!apparmor_configured'
- '!all_apparmor_profiles_enforced'
Expand Down
1 change: 1 addition & 0 deletions products/almalinux9/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,4 @@ selections:
- '!ensure_shadow_group_empty'
- '!service_timesyncd_enabled'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/anolis23/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,3 +140,4 @@ selections:
- '!service_timesyncd_enabled'
- '!package_cryptsetup-luks_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/anolis8/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,3 +139,4 @@ selections:
- '!service_timesyncd_enabled'
- '!package_cryptsetup-luks_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/debian12/profiles/anssi_bp28_enhanced.profile
View file 10000
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,4 @@ selections:
- '!ensure_almalinux_gpgkey_installed'
- '!package_dracut-fips-aesni_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/debian12/profiles/anssi_bp28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,4 @@ selections:
- '!ensure_almalinux_gpgkey_installed'
- '!package_dracut-fips-aesni_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/ol7/profiles/anssi_nt28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,4 @@ selections:
- '!grub2_pti_argument'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/ol7/profiles/anssi_nt28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,3 +75,4 @@ selections:
- '!grub2_pti_argument'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/ol8/profiles/anssi_bp28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ selections:
- '!grub2_page_alloc_shuffle_argument'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# disable R45: Enable AppArmor security profiles
- '!apparmor_configured'
- '!all_apparmor_profiles_enforced'
Expand Down
1 change: 1 addition & 0 deletions products/ol8/profiles/anssi_bp28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ selections:
- '!grub2_page_alloc_shuffle_argument'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# disable R45: Enable AppArmor security profiles
- '!apparmor_configured'
- '!all_apparmor_profiles_enforced'
Expand Down
1 change: 1 addition & 0 deletions products/ol8/profiles/pci-dss.profile
View file
Open in desktop
17AE
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ selections:
- '!aide_periodic_checking_systemd_timer'
- '!package_cryptsetup-luks_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# Use Oracle gpgkey rule
- '!ensure_redhat_gpgkey_installed'
- '!ensure_suse_gpgkey_installed'
Expand Down
1 change: 1 addition & 0 deletions products/ol9/profiles/anssi_bp28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ selections:
- '!package_xinetd_removed'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# OL9 unified the paths for grub2 files. These rules are selected in control file by R29.
- '!file_groupowner_efi_grub2_cfg'
- '!file_owner_efi_grub2_cfg'
Expand Down
1 change: 1 addition & 0 deletions products/ol9/profiles/anssi_bp28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ selections:
- '!package_xinetd_removed'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# disable R45: Enable AppArmor security profiles
- '!apparmor_configured'
- '!all_apparmor_profiles_enforced'
Expand Down
1 change: 1 addition & 0 deletions products/ol9/profiles/pci-dss.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ selections:
- '!ensure_shadow_group_empty'
- '!service_timesyncd_enabled'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
# Not applicable to OL9, packages not available in OL9
- '!package_cryptsetup-luks_installed'
- '!service_rpcbind_disabled'
Expand Down
1 change: 1 addition & 0 deletions products/rhcos4/profiles/anssi_bp28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,3 +119,4 @@ selections:
- '!ensure_oracle_gpgkey_installed'
- '!ensure_almalinux_gpgkey_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/rhcos4/profiles/anssi_bp28_high.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,3 +155,4 @@ selections:
- '!ensure_oracle_gpgkey_installed'
- '!ensure_almalinux_gpgkey_installed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
1 change: 1 addition & 0 deletions products/rhel8/profiles/anssi_bp28_enhanced.profile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,5 +61,6 @@ selections:
- '!ensure_almalinux_gpgkey_installed'
- '!package_kea_removed'
- '!audit_rules_file_deletion_events_renameat2'
- '!audit_rules_dac_modification_fchmodat2'
- '!package_rsh-server_removed'
- '!package_rsh_removed'
Loading
Oops, something went wrong.
Loading
0