From 6b015c09b43ecac4226c5bcf974794a1b2a8d557 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 17:27:09 +0100
Subject: [PATCH 1/8] Add rule for permissions of /etc/motd
---
.../file_permissions_etc_motd/rule.yml | 33 +++++++++++++++++++
3 files changed, 35 insertions(+), 3 deletions(-)
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
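diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
new file mode 100644
index 0000000000..6d81eb43d1
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
@@ -0,0 +1,33 @@
+documentation_complete: true
+
+title: 'Verify permissions on Message of the Day Banner'
+
+description: |-
+ {{{ describe_file_permissions(file="/etc/motd", perms="0644") }}}
+
+rationale: |-
+ Display of a standardized and approved use notification before granting
+ access to the operating system ensures privacy and security notification
+ verbiage used is consistent with applicable federal laws, Executive Orders,
+ directives, policies, regulations, standards, and guidance.
+ Proper permissions will ensure that only root user can modify the banner.
+
+severity: medium
+
+identifiers:
+ cce@rhel7: 83337-6
+ cce@rhel8: 83338-4
+
+references:
+ cis@rhel7: 1.7.1.4
+ cis@rhel8: 1.8.1.4
+
+ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/motd", perms="-rw-r--r--") }}}'
+
+ocil: '{{{ ocil_file_permissions(file="/etc/motd", perms="-rw-r--r--") }}}'
+
+template:
+ name: file_permissions
+ vars:
+ filepath: /etc/motd
+ filemode: '0644'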
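Review bot: The rationale's last sentence, `Proper permissions will ensure that only root user can modify the banner.`, holds only when /etc/motd is also owned by root, while this rule's template checks the mode alone (`filemode: '0644'`). Mode 0644 leaves write access with whoever owns the file, so the rule would pass on a banner owned by an unprivileged account. I would reword the sentence to `Mode 0644 limits modification of the banner to the file's owner, which should be root.` and confirm that the profile also selects the matching owner and group-owner rules, which are not visible in this patch. The same wording appears in the /etc/issue rule added by patch 2/8.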
From 9448111043016e27bc319cfc6606361edd235f38 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 17:47:09 +0100
Subject: [PATCH 2/8] Add rule for permissions of /etc/issue
---
.../file_permissions_etc_issue/rule.yml | 33 +++++++++++++++++++
3 files changed, 35 insertions(+), 3 deletions(-)
create mode 100644 linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
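diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
new file mode 100644
index 0000000000..323c3b93b6
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
@@ -0,0 +1,33 @@
+documentation_complete: true
+
+title: 'Verify permissions on System Login Banner'
+
+description: |-
+ {{{ describe_file_permissions(file="/etc/issue", perms="0644") }}}
+
+rationale: |-
+ Display of a standardized and approved use notification before granting
+ access to the operating system ensures privacy and security notification
+ verbiage used is consistent with applicable federal laws, Executive Orders,
+ directives, policies, regulations, standards, and guidance.
+ Proper permissions will ensure that only root user can modify the banner.
+
+severity: medium
+
+identifiers:
+ cce@rhel7: 83347-5
+ cce@rhel8: 83348-3
+
+references:
+ cis@rhel7: 1.7.1.5
+ cis@rhel8: 1.8.1.5
+
+ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/issue", perms="-rw-r--r--") }}}'
+
+ocil: '{{{ ocil_file_permissions(file="/etc/issue", perms="-rw-r--r--") }}}'
+
+template:
+ name: file_permissions
+ vars:
+ filepath: /etc/issue
+ filemode: '0644'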
From 927265b500b38a9ba0eefd94ecce5de4c8fc3ac2 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:12:48 +0100
Subject: [PATCH 3/8] Select rules for /etc/crontab permissions
---
.../services/cron_and_at/file_groupowner_crontab/rule.yml | 3 ++-
.../guide/services/cron_and_at/file_owner_crontab/rule.yml | 3 ++-
.../services/cron_and_at/file_permissions_crontab/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
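diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
index 8df80cb535..29d0c882b4 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82223-9
 
 references:
- cis: 5.1.2
+ cis@rhel7: 5.1.2
+ cis@rhel8: 5.1.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227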
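diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
index a10a283a86..6ac696229f 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82224-7
 
 references:
- cis: 5.1.2
+ cis@rhel7: 5.1.2
+ cis@rhel8: 5.1.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227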
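diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
index 126bffd0bb..f587ab67ef 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82206-4
 
 references:
- cis: 5.1.2
+ cis@rhel7: 5.1.2
+ cis@rhel8: 5.1.2
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227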
From 51d320c401981dd06d097bb2850c9a7aa6977059 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:16:22 +0100
Subject: [PATCH 4/8] Select rules for /etc/cron.hourly permissions
---
.../cron_and_at/file_groupowner_cron_hourly/rule.yml | 3 ++-
.../services/cron_and_at/file_owner_cron_hourly/rule.yml | 3 ++-
.../cron_and_at/file_permissions_cron_hourly/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
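diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
index c3545bca73..514dc5510e 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82227-0
 
 references:
- cis: 5.1.3
+ cis@rhel7: 5.1.3
+ cis@rhel8: 5.1.3
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227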
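diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
index 298a03bbec..2b4a8c6047 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82209-8
 
 references:
- cis: 5.1.3
+ cis@rhel7: 5.1.3
+ cis@rhel8: 5.1.3
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227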
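diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
index 1d06872cf4..e726d64966 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82230-4
 
 references:
- cis: 5.1.3
+ cis@rhel7: 5.1.3
+ cis@rhel8: 5.1.3
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227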
From 94cd82ae26481d8d7343fcc65e6b2f5e88cefd3b Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:18:41 +0100
Subject: [PATCH 5/8] Select rules for /etc/cron.daily permissions
---
.../cron_and_at/file_groupowner_cron_daily/rule.yml | 3 ++-
.../services/cron_and_at/file_owner_cron_daily/rule.yml | 3 ++-
.../cron_and_at/file_permissions_cron_daily/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
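diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
index 53e1800074..38e4fdde5e 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82234-6
 
 references:
- cis: 5.1.4
+ cis@rhel7: 5.1.4
+ cis@rhel8: 5.1.4
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227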
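diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
index ed6e76e419..86625ac049 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82237-9
 
 references:
- cis: 5.1.4
+ cis@rhel7: 5.1.4
+ cis@rhel8: 5.1.4
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227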
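diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
index 4313ffb6ab..6e57b028cd 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82240-3
 
 references:
- cis: 5.1.4
+ cis@rhel7: 5.1.4
+ cis@rhel8: 5.1.4
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227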
From a8d0f1253631913f27bcb9f6d70b46234feda723 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:21:12 +0100
Subject: [PATCH 6/8] Select rules for /etc/cron.weekly permissions
---
.../cron_and_at/file_groupowner_cron_weekly/rule.yml | 3 ++-
.../services/cron_and_at/file_owner_cron_weekly/rule.yml | 3 ++-
.../cron_and_at/file_permissions_cron_weekly/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
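diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
index de1ac8c656..4760ea55f6 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82244-5
 
 references:
- cis: 5.1.5
+ cis@rhel7: 5.1.5
+ cis@rhel8: 5.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227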
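diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
index f5bba63516..e5e3de8cd1 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82247-8
 
 references:
- cis: 5.1.5
+ cis@rhel7: 5.1.5
+ cis@rhel8: 5.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227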
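diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
index 523ea17731..daf345338a 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82253-6
 
 references:
- cis: 5.1.5
+ cis@rhel7: 5.1.5
+ cis@rhel8: 5.1.5
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227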
From 35176b1486c57bfd6a981a8719de65f09d200380 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:25:12 +0100
Subject: [PATCH 7/8] Select rules for /etc/cron.monthly permissions
---
.../cron_and_at/file_groupowner_cron_monthly/rule.yml | 3 ++-
.../services/cron_and_at/file_owner_cron_monthly/rule.yml | 3 ++-
.../cron_and_at/file_permissions_cron_monthly/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
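diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
index a664d78b0a..2a11340ec4 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82256-9
 
 references:
- cis: 5.1.6
+ cis@rhel7: 5.1.6
+ cis@rhel8: 5.1.6
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227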
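diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
index 35f2bc19ed..76c671aa06 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82260-1
 
 references:
- cis: 5.1.6
+ cis@rhel7: 5.1.6
+ cis@rhel8: 5.1.6
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227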
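diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
index b4d1863633..cc186ff7a1 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82263-5
 
 references:
- cis: 5.1.6
+ cis@rhel7: 5.1.6
+ cis@rhel8: 5.1.6
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227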
From 5b839624790399a1dbca16478fef9b3e628df1d4 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 17 Mar 2020 19:27:55 +0100
Subject: [PATCH 8/8] Select rules for /etc/cron.d permissions
---
.../services/cron_and_at/file_groupowner_cron_d/rule.yml | 3 ++-
.../guide/services/cron_and_at/file_owner_cron_d/rule.yml | 3 ++-
.../services/cron_and_at/file_permissions_cron_d/rule.yml | 3 ++-
4 files changed, 11 insertions(+), 4 deletions(-)
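diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
index 3add79db18..6b1a3faf05 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82268-4
 
 references:
- cis: 5.1.7
+ cis@rhel7: 5.1.7
+ cis@rhel8: 5.1.7
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227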
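diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
index 8778109761..88586a0268 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82272-6
 
 references:
- cis: 5.1.7
+ cis@rhel7: 5.1.7
+ cis@rhel8: 5.1.7
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227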
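diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
index cd0dc6167a..f904dce932 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
@@ -20,7 +20,8 @@ identifiers:
 cce@rhel8: 82277-5
 
 references:
- cis: 5.1.7
+ cis@rhel7: 5.1.7
+ cis@rhel8: 5.1.7
 nist: CM-6(a),AC-6(1)
 nist-csf: PR.AC-4,PR.DS-5
 srg: SRG-OS-000480-GPOS-00227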