|
 |
ff1465 |
commit 3c9a97de3a91b2a8fd85f13bb902e2529dd6fa67
|
|
|
ff1465 |
Author: Watson Sato <wsato@redhat.com>
|
|
|
ff1465 |
Date: Fri Feb 25 13:51:41 2022 +0100
|
|
|
ff1465 |
|
|
|
ff1465 |
Manual edited patch scap-security-guide-0.1.61-add_RHEL_08_010331-PR_8055.patch.
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
|
|
|
ff1465 |
index 8a28af0..02c69bd 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/ansible/shared.yml
|
|
|
ff1465 |
@@ -1,4 +1,4 @@
|
|
|
ff1465 |
-# platform = multi_platform_sle
|
|
|
ff1465 |
+# platform = multi_platform_all
|
|
|
ff1465 |
# reboot = false
|
|
|
ff1465 |
# strategy = restrict
|
|
|
ff1465 |
# complexity = high
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
|
|
|
ff1465 |
index a0f5aeb..853f8ac 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
|
|
|
ff1465 |
@@ -31,6 +31,8 @@ rationale: |-
|
|
|
ff1465 |
of initiating changes, including upgrades and modifications.
|
|
|
ff1465 |
|
|
|
ff1465 |
identifiers:
|
|
|
ff1465 |
+ cce@rhel8: CCE-88692-9
|
|
|
ff1465 |
+ cce@rhel9: CCE-88693-7
|
|
|
ff1465 |
cce@sle12: CCE-83234-5
|
|
|
ff1465 |
cce@sle15: CCE-85753-2
|
|
|
ff1465 |
|
|
|
ff1465 |
@@ -40,6 +42,8 @@ references:
|
|
|
ff1465 |
disa: CCI-001499
|
|
|
ff1465 |
nerc-cip: CIP-003-3 R6
|
|
|
ff1465 |
nist: CM-5,CM-5(6),CM-5(6).1
|
|
|
ff1465 |
+ srg: SRG-OS-000259-GPOS-00100
|
|
|
ff1465 |
+ stigid@rhel8: RHEL-08-010331
|
|
|
ff1465 |
stigid@sle12: SLES-12-010872
|
|
|
ff1465 |
stigid@sle15: SLES-15-010352
|
|
|
ff1465 |
stigid@ubuntu2004: UBTU-20-010427
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
|
|
|
ff1465 |
index af07846..6e957c3 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
|
|
|
ff1465 |
@@ -1,4 +1,4 @@
|
|
|
ff1465 |
-# platform = multi_platform_sle,multi_platform_ubuntu
|
|
|
ff1465 |
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
|
|
|
ff1465 |
DIRS="/lib /lib64 /usr/lib /usr/lib64"
|
|
|
ff1465 |
for dirPath in $DIRS; do
|
|
|
ff1465 |
find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
|
|
|
ff1465 |
index d58616b..55ff9ce 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
|
|
|
ff1465 |
@@ -1,4 +1,4 @@
|
|
|
ff1465 |
-# platform = multi_platform_sle,multi_platform_ubuntu
|
|
|
ff1465 |
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
|
|
|
ff1465 |
DIRS="/lib /lib64 /usr/lib /usr/lib64"
|
|
|
ff1465 |
for dirPath in $DIRS; do
|
|
|
ff1465 |
chmod -R 755 "$dirPath"
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
|
|
|
ff1465 |
index 98d18cd..c2b5b6b 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
|
|
|
ff1465 |
@@ -1,4 +1,4 @@
|
|
|
ff1465 |
-# platform = multi_platform_sle,multi_platform_ubuntu
|
|
|
ff1465 |
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
|
|
|
ff1465 |
DIRS="/lib /lib64"
|
|
|
ff1465 |
for dirPath in $DIRS; do
|
|
|
ff1465 |
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
|
|
|
ff1465 |
index 6df6e2f..40e6c42 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
|
|
|
ff1465 |
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
|
|
|
ff1465 |
@@ -1,4 +1,4 @@
|
|
|
ff1465 |
-# platform = multi_platform_sle,multi_platform_ubuntu
|
|
|
ff1465 |
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
|
|
|
ff1465 |
DIRS="/usr/lib /usr/lib64"
|
|
|
ff1465 |
for dirPath in $DIRS; do
|
|
|
ff1465 |
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
|
|
|
ff1465 |
diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
|
|
|
ff1465 |
index adeae4a..fab5f3f 100644
|
|
|
ff1465 |
--- a/products/rhel8/profiles/cjis.profile
|
|
|
ff1465 |
+++ b/products/rhel8/profiles/cjis.profile
|
|
|
ff1465 |
@@ -77,6 +77,7 @@ selections:
|
|
|
ff1465 |
- accounts_password_pam_difok
|
|
|
ff1465 |
- accounts_max_concurrent_login_sessions
|
|
|
ff1465 |
- set_password_hashing_algorithm_systemauth
|
|
|
ff1465 |
+ - set_password_hashing_algorithm_passwordauth
|
|
|
ff1465 |
- set_password_hashing_algorithm_logindefs
|
|
|
ff1465 |
- set_password_hashing_algorithm_libuserconf
|
|
|
ff1465 |
- file_owner_etc_shadow
|
|
|
ff1465 |
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
index 5d03125..d51e53a 100644
|
|
|
ff1465 |
--- a/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
+++ b/products/rhel8/profiles/stig.profile
|
|
|
ff1465 |
@@ -224,6 +224,9 @@ selections:
|
|
|
ff1465 |
# RHEL-08-010330
|
|
|
ff1465 |
- file_permissions_library_dirs
|
|
|
ff1465 |
|
|
|
ff1465 |
+ # RHEL-08-010331
|
|
|
ff1465 |
+ - dir_permissions_library_dirs
|
|
|
ff1465 |
+
|
|
|
ff1465 |
# RHEL-08-010340
|
|
|
ff1465 |
- file_ownership_library_dirs
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
|
|
|
ff1465 |
index 9acb63a..b751a74 100644
|
|
|
ff1465 |
--- a/products/rhel9/profiles/stig.profile
|
|
|
ff1465 |
+++ b/products/rhel9/profiles/stig.profile
|
|
|
ff1465 |
@@ -195,6 +195,9 @@ selections:
|
|
|
ff1465 |
# RHEL-08-010330
|
|
|
ff1465 |
- file_permissions_library_dirs
|
|
|
ff1465 |
|
|
|
ff1465 |
+ # RHEL-08-010331
|
|
|
ff1465 |
+ - dir_permissions_library_dirs
|
|
|
ff1465 |
+
|
|
|
ff1465 |
# RHEL-08-010340
|
|
|
ff1465 |
- file_ownership_library_dirs
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
|
|
ff1465 |
index 1b83798..fef5fd8 100644
|
|
|
ff1465 |
--- a/shared/references/cce-redhat-avail.txt
|
|
|
ff1465 |
+++ b/shared/references/cce-redhat-avail.txt
|
|
|
ff1465 |
@@ -2758,8 +2758,6 @@ CCE-88688-7
|
|
|
ff1465 |
CCE-88689-5
|
|
|
ff1465 |
CCE-88690-3
|
|
|
ff1465 |
CCE-88691-1
|
|
|
ff1465 |
-CCE-88692-9
|
|
|
ff1465 |
-CCE-88693-7
|
|
|
ff1465 |
CCE-88694-5
|
|
|
ff1465 |
CCE-88695-2
|
|
|
ff1465 |
CCE-88696-0
|
|
|
ff1465 |
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
index e4f9dd8..3b4b43a 100644
|
|
|
ff1465 |
--- a/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
+++ b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
ff1465 |
@@ -175,6 +175,7 @@ selections:
|
|
|
ff1465 |
- dconf_gnome_screensaver_idle_delay
|
|
|
ff1465 |
- dconf_gnome_screensaver_lock_enabled
|
|
|
ff1465 |
- dir_group_ownership_library_dirs
|
|
|
ff1465 |
+- dir_permissions_library_dirs
|
|
|
ff1465 |
- dir_perms_world_writable_root_owned
|
|
|
ff1465 |
- dir_perms_world_writable_sticky_bits
|
|
|
ff1465 |
- directory_group_ownership_var_log_audit
|
|
|
ff1465 |
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
ff1465 |
index d37d2ec..2e0e161 100644
|
|
|
ff1465 |
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
ff1465 |
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
ff1465 |
@@ -186,6 +186,7 @@ selections:
|
|
|
ff1465 |
- dconf_gnome_screensaver_idle_delay
|
|
|
ff1465 |
- dconf_gnome_screensaver_lock_enabled
|
|
|
ff1465 |
- dir_group_ownership_library_dirs
|
|
|
ff1465 |
+- dir_permissions_library_dirs
|
|
|
ff1465 |
- dir_perms_world_writable_root_owned
|
|
|
ff1465 |
- dir_perms_world_writable_sticky_bits
|
|
|
ff1465 |
- directory_group_ownership_var_log_audit
|