
RHEL10 ISM O - Rules missing `ism` reference

Open mildas opened this issue 1 year ago • 2 comments

Description of problem:

A lot of ISM O rules don't have an ism reference. The list of affected rules:

  • audit_rules_login_events_tallylog
  • sshd_disable_x11_forwarding
  • service_fapolicyd_enabled
  • service_telnet_disabled
  • sshd_set_loglevel_info
  • dir_perms_world_writable_sticky_bits
  • audit_rules_login_events
  • auditd_data_retention_flush
  • sshd_do_not_permit_user_env
  • audit_rules_execution_setsebool
  • rpm_verify_hashes
  • package_quagga_removed
  • selinux_policytype
  • network_sniffer_disabled
  • accounts_no_uid_except_zero
  • sshd_disable_root_login
  • audit_rules_time_clock_settime
  • sshd_disable_rhosts
  • configure_ssh_crypto_policy
  • audit_rules_time_settimeofday
  • audit_rules_execution_setfiles
  • audit_rules_login_events_lastlog
  • file_permissions_sshd_private_key
  • package_squid_removed
  • service_rsyslog_enabled
  • sudo_remove_nopasswd
  • audit_rules_time_stime
  • dnf-automatic_security_updates_only
  • sysctl_kernel_exec_shield
  • audit_rules_dac_modification_chown
  • audit_rules_time_watch_localtime
  • auditd_write_logs
  • file_permissions_unauthorized_world_writable
  • file_ownership_library_dirs
  • audit_rules_execution_semanage
  • sudo_require_authentication
  • sshd_enable_warning_banner
  • auditd_freq
  • service_avahi-daemon_disabled
  • audit_rules_execution_restorecon
  • sysctl_kernel_yama_ptrace_scope
  • sysctl_kernel_unprivileged_bpf_disabled
  • audit_rules_dac_modification_chmod
  • service_auditd_enabled
  • file_permissions_library_dirs
  • mount_option_dev_shm_noexec
  • sysctl_kernel_kexec_load_disabled
  • mount_option_dev_shm_nodev
  • mount_option_dev_shm_nosuid
  • file_ownership_binary_dirs
  • ensure_gpgcheck_globally_activated
  • sysctl_kernel_randomize_va_space
  • package_fapolicyd_installed
  • file_permissions_binary_dirs
  • audit_rules_sysadmin_actions
  • audit_rules_execution_chcon
  • sudo_remove_no_authenticate
  • no_empty_passwords
  • file_permissions_unauthorized_suid
  • audit_rules_networkconfig_modification
  • sshd_print_last_log
  • enable_authselect
  • sysctl_kernel_dmesg_restrict
  • service_squid_disabled
  • selinux_state
  • sshd_disable_user_known_hosts
  • package_rsyslog_installed
  • file_permissions_unauthorized_sgid
  • package_rear_installed
  • sshd_disable_empty_passwords
  • sysctl_kernel_kptr_restrict
  • auditd_name_format
  • audit_rules_kernel_module_loading
  • package_telnet-server_removed
  • service_firewalld_enabled
  • package_telnet_removed
  • sshd_enable_strictmodes
  • ensure_gpgcheck_local_packages
  • package_firewalld_installed
  • audit_rules_login_events_faillock
  • audit_rules_time_adjtimex
  • audit_rules_execution_seunshare
  • auditd_local_events
  • sshd_use_directory_configuration
  • ensure_gpgcheck_never_disabled
  • ensure_redhat_gpgkey_installed
  • auditd_log_format
  • sysctl_net_core_bpf_jit_harden

SCAP Security Guide Version:

master

Operating System Version:

RHEL 10

mildas avatar Sep 26 '24 08:09 mildas

With this many missing, should we move to using the control-generated references for ISM?

Mab879 avatar Sep 30 '24 21:09 Mab879

Yes, it would be best to have it in the controls file.

mildas avatar Oct 01 '24 07:10 mildas

Reopening, the following rules are still missing the ism reference:

file_ownership_binary_dirs
sysctl_kernel_dmesg_restrict
sshd_disable_root_login
service_avahi-daemon_disabled
sudo_remove_no_authenticate
service_rsyslog_enabled
audit_rules_execution_restorecon
audit_rules_usergroup_modification_passwd
sysctl_net_core_bpf_jit_harden
audit_rules_time_watch_localtime
auditd_name_format
service_firewalld_enabled
auditd_freq
audit_rules_login_events_faillock
no_empty_passwords
file_ownership_library_dirs
audit_rules_sysadmin_actions
file_permissions_unauthorized_suid
package_fapolicyd_installed
file_permissions_binary_dirs
audit_rules_execution_semanage
service_auditd_enabled
accounts_no_uid_except_zero
audit_rules_kernel_module_loading
file_permissions_unauthorized_sgid
sshd_do_not_permit_user_env
network_sniffer_disabled
configure_ssh_crypto_policy
sshd_enable_strictmodes
package_telnet-server_removed
dir_perms_world_writable_sticky_bits
auditd_data_retention_flush
mount_option_dev_shm_nodev
audit_rules_time_adjtimex
package_squid_removed
selinux_policytype
auditd_local_events
audit_rules_usergroup_modification_group
ensure_gpgcheck_globally_activated
sshd_use_directory_configuration
service_fapolicyd_enabled
package_rsyslog_installed
package_telnet_removed
audit_rules_networkconfig_modification
sysctl_kernel_kptr_restrict
auditd_write_logs
audit_rules_execution_setsebool
ensure_gpgcheck_local_packages
mount_option_dev_shm_noexec
service_squid_disabled
audit_rules_execution_setfiles
sysctl_kernel_unprivileged_bpf_disabled
selinux_state
sysctl_kernel_yama_ptrace_scope
ensure_gpgcheck_never_disabled
file_permissions_library_dirs
audit_rules_time_clock_settime
audit_rules_time_settimeofday
audit_rules_execution_chcon
mount_option_dev_shm_nosuid
package_firewalld_installed
sysctl_kernel_kexec_load_disabled
sshd_disable_empty_passwords
audit_rules_dac_modification_chmod
sudo_remove_nopasswd
ensure_redhat_gpgkey_installed
sudo_require_authentication
service_telnet_disabled
audit_rules_time_stime
sshd_disable_user_known_hosts
dnf-automatic_security_updates_only
sshd_set_loglevel_info
sysctl_kernel_randomize_va_space
audit_rules_execution_seunshare
audit_rules_usergroup_modification_opasswd
audit_rules_dac_modification_chown
sshd_disable_rhosts
audit_rules_usergroup_modification_gshadow
file_permissions_unauthorized_world_writable
sysctl_kernel_exec_shield
audit_rules_usergroup_modification_shadow
auditd_log_format

matusmarhefka avatar Oct 14 '25 16:10 matusmarhefka

Seems we forgot that ISM O inherits from e8, and that is what seems to be missing the refs.

Mab879 avatar Oct 14 '25 16:10 Mab879
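The gap described in this thread is easy to miss because a profile's effective rule set includes everything inherited through `extends` (ISM O from e8). The following check, an added example that is not ComplianceAsCode's own tooling, resolves the inheritance chain first and then reports selected rules whose `references` mapping lacks a given key; the rule references and profile definitions are constructed sample data shaped like `rule.yml` / `profile.yml`, and the `!rule` unselect and `name=value` variable conventions are assumed here.

```python
"""Report rules selected by a profile (directly or via `extends`) that lack a
given reference key such as `ism`. Sample data is constructed, not real content."""
from typing import Dict, List, Optional, Set

# Constructed stand-in for the `references:` mapping of each rule.yml.
RULE_REFERENCES: Dict[str, Dict[str, str]] = {
    "sshd_disable_root_login": {"cis": "placeholder"},             # no ism key
    "service_auditd_enabled": {"ism": "placeholder", "cis": "placeholder"},
    "no_empty_passwords": {"ism": "placeholder"},
    "sysctl_kernel_dmesg_restrict": {},                            # no refs at all
    "package_telnet_removed": {"ism": "placeholder"},
}

# Constructed profiles: `extends` names the parent whose selections are
# inherited; a "!rule" entry unselects, "name=value" sets a variable (assumed).
PROFILES: Dict[str, Dict] = {
    "e8": {"selections": ["sshd_disable_root_login", "service_auditd_enabled",
                          "sysctl_kernel_dmesg_restrict"]},
    "ism_o": {"extends": "e8",
              "selections": ["no_empty_passwords", "package_telnet_removed",
                             "!sysctl_kernel_dmesg_restrict",
                             "var_example=placeholder"]},
}


def resolve_selections(profiles: Dict[str, Dict], profile_id: str,
                       seen: Optional[Set[str]] = None) -> Set[str]:
    """Return every rule the profile selects, resolving parents first so a
    child's '!rule' can drop an inherited selection. Detects extends cycles."""
    seen = set() if seen is None else seen
    if profile_id in seen:
        raise ValueError(f"cyclic extends chain at profile {profile_id}")
    seen.add(profile_id)
    profile = profiles[profile_id]
    selected: Set[str] = set()
    if "extends" in profile:
        selected = resolve_selections(profiles, profile["extends"], seen)
    for entry in profile.get("selections", []):
        if "=" in entry:                      # variable setting, not a rule
            continue
        if entry.startswith("!"):
            selected.discard(entry[1:])
        else:
            selected.add(entry)
    return selected


def rules_missing_reference(profiles: Dict[str, Dict],
                            rule_refs: Dict[str, Dict[str, str]],
                            profile_id: str, ref_key: str) -> List[str]:
    """Sorted rule ids selected by the profile whose references lack ref_key."""
    return sorted(rule for rule in resolve_selections(profiles, profile_id)
                  if ref_key not in rule_refs.get(rule, {}))
```

Because `sshd_disable_root_login` is only selected through e8, it is reported for `ism_o` even though it never appears in that profile's own selections, which is exactly the inherited-rule case the last comment points at.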