
From 8455c8556a6d828b15ebc62cf511e484dd626a36 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 16 Jul 2021 13:16:12 -0500
Subject: [PATCH] Add rules for RHEL-08-030610
Added two rules, one for each of the paths mentioned in the STIG.
---
 .../rule.yml                                  | 35 ++++++++++++++++++
 .../tests/correct_permissions.pass.sh         |  6 ++++
 .../tests/incorrect_permissions.fail.sh       |  6 ++++
 .../rule.yml                                  | 36 +++++++++++++++++++
 .../tests/correct_permissions.pass.sh         |  6 ++++
 .../tests/incorrect_permissions.fail.sh       |  6 ++++
 products/rhel8/profiles/stig.profile          |  2 ++
 shared/references/cce-redhat-avail.txt        |  2 --
 .../data/profile_stability/rhel8/stig.profile |  2 ++
 .../profile_stability/rhel8/stig_gui.profile  |  2 ++
 10 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
 create mode 100644 linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
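diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
new file mode 100644
index 0000000000..1cde3ded5f
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -0,0 +1,35 @@
+documentation_complete: true
+
+prodtype: fedora,rhel8
+
+title: 'Verify Permissions on /etc/audit/auditd.conf'
+
+description: |-
+    {{{ describe_file_permissions(file="/etc/audit/auditd.conf", perms="0640") }}}
+
+
+rationale: |-
+    Without the capability to restrict the roles and individuals that can select which events
+    are audited, unauthorized personnel may be able to prevent the auditing of critical
+    events. Misconfigured audits may degrade the system's performance by overwhelming
+    the audit log. Misconfigured audits may also make it more difficult to establish,
+    correlate, and investigate the events relating to an incident or identify
+    those responsible for one.
+
+severity: medium
+
+identifiers:
+    cce@rhel8: CCE-85871-2
+
+references:
+    disa: CCI-000171
+    nist: AU-12(b)
+    srg: SRG-OS-000063-GPOS-00032
+    stigid@rhel8: RHEL-08-030610
+
+template:
+    name: file_permissions
+    vars:
+      filepath: /etc/audit/auditd.conf
+      allow_stricter_permissions: "true"
+      filemode: '0640'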
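diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
new file mode 100644
index 0000000000..8c9b782920
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/correct_permissions.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILE=/etc/audit/auditd.conf
+mkdir -p /etc/audit/
+touch $TESTFILE
+chmod 0640 $TESTFILE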
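Review bot: The only passing scenario sets the exact mode, `chmod 0640 $TESTFILE` on the last line, so the `allow_stricter_permissions: "true"` branch that the rule enables is never covered by a scenario expected to pass. A second script such as `stricter_permissions.pass.sh`, identical except for `chmod 0600 $TESTFILE`, would pin that behaviour and catch a regression in the template that started rejecting stricter modes. The rules.d pass test in this patch has the same gap.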
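diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
new file mode 100644
index 0000000000..a460e0dddd
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/incorrect_permissions.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILLE=/etc/audit/auditd.conf
+mkdir -p /etc/audit/
+touch $TESTFILLE
+chmod 0644 $TESTFILLE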
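Review bot: The variable is spelled `TESTFILLE` on all three lines that use it, while the paired pass scenario uses `TESTFILE`; the script still runs because the misspelling is consistent, but anyone diffing the two scenarios will read it as a typo. Rename it on the three lines: `export TESTFILE=/etc/audit/auditd.conf`, `touch $TESTFILE`, `chmod 0644 $TESTFILE`. The rules.d fail scenario in this patch carries the same misspelling.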
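diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
new file mode 100644
index 0000000000..34e1f30367
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -0,0 +1,36 @@
+documentation_complete: true
+
+prodtype: fedora,rhel8
+
+title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
+
+description: |-
+    {{{ describe_file_permissions(file="/etc/audit/rules.d/*.rules", perms="0640") }}}
+
+
+rationale: |-
+    Without the capability to restrict the roles and individuals that can select which events
+    are audited, unauthorized personnel may be able to prevent the auditing of critical
+    events. Misconfigured audits may degrade the system's performance by overwhelming
+    the audit log. Misconfigured audits may also make it more difficult to establish,
+    correlate, and investigate the events relating to an incident or identify
+    those responsible for one.
+
+severity: medium
+
+identifiers:
+    cce@rhel8: CCE-85875-3
+
+references:
+    disa: CCI-000171
+    nist: AU-12(b)
+    srg: SRG-OS-000063-GPOS-00032
+    stigid@rhel8: RHEL-08-030610
+
+template:
+    name: file_permissions
+    vars:
+      filepath: /etc/audit/rules.d/
+      file_regex: ^.*rules$
+      allow_stricter_permissions: "true"
+      filemode: '0640'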
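Review bot: The `file_regex: ^.*rules$` in the template vars is wider than the `/etc/audit/rules.d/*.rules` glob the title and description promise: without an escaped dot it also selects any name that merely ends in the letters `rules`, and a reader comparing the description with the check will not expect that. If the `*.rules` pattern is the intent, `file_regex: ^.*\.rules$` states it exactly and still matches the `test_rule.rules` file the scenarios create. How the file_permissions template combines `filepath` with `file_regex` (single directory versus recursive) is not visible in this patch, so it is worth confirming the check is limited to the rules.d directory as the STIG text describes.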
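diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
new file mode 100644
index 0000000000..b0a20248c3
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/correct_permissions.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILE=/etc/audit/rules.d/test_rule.rules
+mkdir -p /etc/audit/rules.d/
+touch $TESTFILE
+chmod 0640 $TESTFILE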
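diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
new file mode 100644
index 0000000000..c7fd3a95e9
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/incorrect_permissions.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export TESTFILLE=/etc/audit/rules.d/test_rule.rules
+mkdir -p /etc/audit/rules.d/
+touch $TESTFILLE
+chmod 0644 $TESTFILLE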
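diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 26d0aa9922..5a0a520ee0 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -801,6 +801,8 @@ selections:
     - configure_usbguard_auditbackend
 
     # RHEL-08-030610
+    - file_permissions_etc_audit_auditd
+    - file_permissions_etc_audit_rulesd
 
     # RHEL-08-030620
 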
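diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index ae3375fd4d..24e8149168 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -11,11 +11,9 @@ CCE-85867-0
 CCE-85868-8
 CCE-85869-6
 CCE-85870-4
-CCE-85871-2
 CCE-85872-0
 CCE-85873-8
 CCE-85874-6
-CCE-85875-3
 CCE-85876-1
 CCE-85877-9
 CCE-85878-7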
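diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index a1de1f5561..4be3cf93c2 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -123,6 +123,8 @@ selections:
 - file_ownership_var_log_audit
 - file_permission_user_init_files
 - file_permissions_binary_dirs
+- file_permissions_etc_audit_auditd
+- file_permissions_etc_audit_rulesd
 - file_permissions_home_directories
 - file_permissions_library_dirs
 - file_permissions_sshd_private_key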
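diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index b7d2be3af3..20b8a54861 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -134,6 +134,8 @@ selections:
 - file_ownership_var_log_audit
 - file_permission_user_init_files
 - file_permissions_binary_dirs
+- file_permissions_etc_audit_auditd
+- file_permissions_etc_audit_rulesd
 - file_permissions_home_directories
 - file_permissions_library_dirs
 - file_permissions_sshd_private_key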