|
 |
cf5f1e |
From 2bfdf9fa7e8309b079e657460671818e77b9a233 Mon Sep 17 00:00:00 2001
|
|
|
cf5f1e |
From: Watson Sato <wsato@redhat.com>
|
|
|
cf5f1e |
Date: Mon, 13 Feb 2023 17:49:15 +0100
|
|
|
cf5f1e |
Subject: [PATCH 5/5] remove rule logind_session_timeout and associated
|
|
|
cf5f1e |
variable from profiles
|
|
|
cf5f1e |
|
|
|
cf5f1e |
Patch-name: scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch
|
|
|
cf5f1e |
Patch-status: remove rule logind_session_timeout and associated variable from profiles
|
|
|
cf5f1e |
---
|
|
|
cf5f1e |
controls/anssi.yml | 2 --
|
|
|
cf5f1e |
products/rhel8/profiles/cjis.profile | 2 --
|
|
|
cf5f1e |
products/rhel8/profiles/ospp.profile | 2 --
|
|
|
cf5f1e |
products/rhel8/profiles/pci-dss.profile | 2 --
|
|
|
cf5f1e |
products/rhel8/profiles/rht-ccp.profile | 2 --
|
|
|
cf5f1e |
tests/data/profile_stability/rhel8/ospp.profile | 2 --
|
|
|
cf5f1e |
tests/data/profile_stability/rhel8/pci-dss.profile | 2 --
|
|
|
cf5f1e |
7 files changed, 14 deletions(-)
|
|
|
cf5f1e |
|
|
|
cf5f1e |
diff --git a/controls/anssi.yml b/controls/anssi.yml
|
|
|
cf5f1e |
index 607ce976ef..9e631d1de4 100644
|
|
|
cf5f1e |
--- a/controls/anssi.yml
|
|
|
cf5f1e |
+++ b/controls/anssi.yml
|
|
|
cf5f1e |
@@ -676,8 +676,6 @@ controls:
|
|
|
cf5f1e |
- var_accounts_tmout=10_min
|
|
|
cf5f1e |
- sshd_set_idle_timeout
|
|
|
cf5f1e |
- sshd_idle_timeout_value=10_minutes
|
|
|
cf5f1e |
- - logind_session_timeout
|
|
|
cf5f1e |
- - var_logind_session_timeout=10_minutes
|
|
|
cf5f1e |
- sshd_set_keepalive
|
|
|
cf5f1e |
|
|
|
cf5f1e |
- id: R30
|
|
|
cf5f1e |
diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
|
|
|
cf5f1e |
index 22ae5aac72..30843b692e 100644
|
|
|
cf5f1e |
--- a/products/rhel8/profiles/cjis.profile
|
|
|
cf5f1e |
+++ b/products/rhel8/profiles/cjis.profile
|
|
|
cf5f1e |
@@ -104,7 +104,6 @@ selections:
|
|
|
cf5f1e |
- sshd_allow_only_protocol2
|
|
|
cf5f1e |
- sshd_set_idle_timeout
|
|
|
cf5f1e |
- var_sshd_set_keepalive=0
|
|
|
cf5f1e |
- - logind_session_timeout
|
|
|
cf5f1e |
- sshd_set_keepalive_0
|
|
|
cf5f1e |
- disable_host_auth
|
|
|
cf5f1e |
- sshd_disable_root_login
|
|
|
cf5f1e |
@@ -120,7 +119,6 @@ selections:
|
|
|
cf5f1e |
- set_firewalld_default_zone
|
|
|
cf5f1e |
- firewalld_sshd_port_enabled
|
|
|
cf5f1e |
- sshd_idle_timeout_value=30_minutes
|
|
|
cf5f1e |
- - var_logind_session_timeout=30_minutes
|
|
|
cf5f1e |
- inactivity_timeout_value=30_minutes
|
|
|
cf5f1e |
- sysctl_net_ipv4_conf_default_accept_source_route
|
|
|
cf5f1e |
- sysctl_net_ipv4_tcp_syncookies
|
|
|
cf5f1e |
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
|
|
|
cf5f1e |
index 0fe17b2085..fb46ab4c0c 100644
|
|
|
cf5f1e |
--- a/products/rhel8/profiles/ospp.profile
|
|
|
cf5f1e |
+++ b/products/rhel8/profiles/ospp.profile
|
|
|
cf5f1e |
@@ -300,8 +300,6 @@ selections:
|
|
|
cf5f1e |
## We deliberately set sshd timeout to 1 minute before tmux lock timeout
|
|
|
cf5f1e |
- sshd_idle_timeout_value=14_minutes
|
|
|
cf5f1e |
- sshd_set_idle_timeout
|
|
|
cf5f1e |
- - logind_session_timeout
|
|
|
cf5f1e |
- - var_logind_session_timeout=14_minutes
|
|
|
cf5f1e |
|
|
|
cf5f1e |
## Disable Unauthenticated Login (such as Guest Accounts)
|
|
|
cf5f1e |
## FIA_UAU.1
|
|
|
cf5f1e |
diff --git a/products/rhel8/profiles/pci-dss.profile b/products/rhel8/profiles/pci-dss.profile
|
|
|
cf5f1e |
index c63c5f4a07..c0c9b12773 100644
|
|
|
cf5f1e |
--- a/products/rhel8/profiles/pci-dss.profile
|
|
|
cf5f1e |
+++ b/products/rhel8/profiles/pci-dss.profile
|
|
|
cf5f1e |
@@ -17,7 +17,6 @@ selections:
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_deny=6
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_unlock_time=1800
|
|
|
cf5f1e |
- sshd_idle_timeout_value=15_minutes
|
|
|
cf5f1e |
- - var_logind_session_timeout=15_minutes
|
|
|
cf5f1e |
- var_password_pam_minlen=7
|
|
|
cf5f1e |
- var_password_pam_minclass=2
|
|
|
cf5f1e |
- var_accounts_maximum_age_login_defs=90
|
|
|
cf5f1e |
@@ -110,7 +109,6 @@ selections:
|
|
|
cf5f1e |
- dconf_gnome_screensaver_lock_enabled
|
|
|
cf5f1e |
- dconf_gnome_screensaver_mode_blank
|
|
|
cf5f1e |
- sshd_set_idle_timeout
|
|
|
cf5f1e |
- - logind_session_timeout
|
|
|
cf5f1e |
- var_sshd_set_keepalive=0
|
|
|
cf5f1e |
- sshd_set_keepalive_0
|
|
|
cf5f1e |
- accounts_password_pam_minlen
|
|
|
cf5f1e |
diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile
|
|
|
cf5f1e |
index 6856951bff..01133a9bde 100644
|
|
|
cf5f1e |
--- a/products/rhel8/profiles/rht-ccp.profile
|
|
|
cf5f1e |
+++ b/products/rhel8/profiles/rht-ccp.profile
|
|
|
cf5f1e |
@@ -12,7 +12,6 @@ selections:
|
|
|
cf5f1e |
- var_selinux_state=enforcing
|
|
|
cf5f1e |
- var_selinux_policy_name=targeted
|
|
|
cf5f1e |
- sshd_idle_timeout_value=5_minutes
|
|
|
cf5f1e |
- - var_logind_session_timeout=5_minutes
|
|
|
cf5f1e |
- var_accounts_minimum_age_login_defs=7
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_deny=5
|
|
|
cf5f1e |
- var_accounts_password_warn_age_login_defs=7
|
|
|
cf5f1e |
@@ -89,7 +88,6 @@ selections:
|
|
|
cf5f1e |
- package_telnet_removed
|
|
|
cf5f1e |
- sshd_allow_only_protocol2
|
|
|
cf5f1e |
- sshd_set_idle_timeout
|
|
|
cf5f1e |
- - logind_session_timeout
|
|
|
cf5f1e |
- var_sshd_set_keepalive=0
|
|
|
cf5f1e |
- sshd_set_keepalive_0
|
|
|
cf5f1e |
- disable_host_auth
|
|
|
cf5f1e |
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
cf5f1e |
index a31f3245d8..267b66a4f8 100644
|
|
|
cf5f1e |
--- a/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
cf5f1e |
+++ b/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
cf5f1e |
@@ -104,7 +104,6 @@ selections:
|
|
|
cf5f1e |
- kernel_module_firewire-core_disabled
|
|
|
cf5f1e |
- kernel_module_sctp_disabled
|
|
|
cf5f1e |
- kernel_module_tipc_disabled
|
|
|
cf5f1e |
-- logind_session_timeout
|
|
|
cf5f1e |
- mount_option_boot_nodev
|
|
|
cf5f1e |
- mount_option_boot_nosuid
|
|
|
cf5f1e |
- mount_option_dev_shm_nodev
|
|
|
cf5f1e |
@@ -254,7 +253,6 @@ selections:
|
|
|
cf5f1e |
- var_password_pam_ucredit=1
|
|
|
cf5f1e |
- var_password_pam_lcredit=1
|
|
|
cf5f1e |
- sshd_idle_timeout_value=14_minutes
|
|
|
cf5f1e |
-- var_logind_session_timeout=14_minutes
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_deny=3
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_fail_interval=900
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_unlock_time=never
|
|
|
cf5f1e |
diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
|
|
|
cf5f1e |
index 5c77ea6a85..902d0084fc 100644
|
|
|
cf5f1e |
--- a/tests/data/profile_stability/rhel8/pci-dss.profile
|
|
|
cf5f1e |
+++ b/tests/data/profile_stability/rhel8/pci-dss.profile
|
|
|
cf5f1e |
@@ -109,7 +109,6 @@ selections:
|
|
|
cf5f1e |
- gid_passwd_group_same
|
|
|
cf5f1e |
- grub2_audit_argument
|
|
|
cf5f1e |
- install_hids
|
|
|
cf5f1e |
-- logind_session_timeout
|
|
|
cf5f1e |
- no_empty_passwords
|
|
|
cf5f1e |
- package_aide_installed
|
|
|
cf5f1e |
- package_audispd-plugins_installed
|
|
|
cf5f1e |
@@ -137,7 +136,6 @@ selections:
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_deny=6
|
|
|
cf5f1e |
- var_accounts_passwords_pam_faillock_unlock_time=1800
|
|
|
cf5f1e |
- sshd_idle_timeout_value=15_minutes
|
|
|
cf5f1e |
-- var_logind_session_timeout=15_minutes
|
|
|
cf5f1e |
- var_password_pam_minlen=7
|
|
|
cf5f1e |
- var_password_pam_minclass=2
|
|
|
cf5f1e |
- var_accounts_maximum_age_login_defs=90
|
|
|
cf5f1e |
--
|
|
|
cf5f1e |
2.39.1
|
|
|
cf5f1e |
|