Merge pull request #2 from sunayu/update_v2_r1
Update v2 r1
justin-sunayu authored Jan 16, 2019
2 parents d3e94ea + 9ebbdff commit 2725430
Showing 5 changed files with 46 additions and 39 deletions.
72 changes: 36 additions & 36 deletions checklist/sunayu_rhel7_v2_r1.ckl
Expand Up @@ -6718,7 +6718,7 @@ clean_requirements_on_remove=1</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002617</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
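Review bot: The STATUS for this CCI-002617 entry drops from NotAFinding back to Not_Reviewed while FINDING_DETAILS and COMMENTS stay empty, so the checklist loses an earlier passing result with no record of why. If the reset is intentional for the new STIG release, say so in COMMENTS or in the commit message so an assessor does not have to guess whether the control is still enforced.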
Expand Down Expand Up @@ -7735,7 +7735,7 @@ If GIDs referenced in "/etc/passwd" file are returned as not defined in "/etc/gr
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000764</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11168,7 +11168,7 @@ If a separate entry for the file system/partition that contains the non-privileg
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11282,7 +11282,7 @@ If a separate entry for "/var" is not in use, this is a finding.</ATTRIBUTE_DATA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11399,7 +11399,7 @@ If no result is returned, or "/var/log/audit" is not on a separate file system,
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11515,7 +11515,7 @@ If the "tmp.mount" service is not enabled, this is a finding.</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11836,7 +11836,7 @@ If AIDE is installed, ensure the "acl" rule is present on all uncommented file a
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -11969,7 +11969,7 @@ If AIDE is installed, ensure the "xattrs" rule is present on all uncommented fil
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -20887,7 +20887,7 @@ Add the following line to the top of the /etc/security/limits.conf:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000054</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -24567,7 +24567,7 @@ Start the firewall via "systemctl" with the following command:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
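Review bot: STATUS flips from Open to NotAFinding on the firewall check, but FINDING_DETAILS is still empty, so nothing in the entry shows what was verified to close it. Record the evidence in FINDING_DETAILS, or name the state that now enforces it, before marking the finding closed.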
Expand Down Expand Up @@ -24685,7 +24685,7 @@ session required pam_lastlog.so showfailed</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>NotAFinding</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -25054,7 +25054,7 @@ If the "/etc/resolv.conf" file must be mutable, the required configuration must
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -26903,7 +26903,7 @@ Ensure the "sec" option is defined as "krb5:krb5i:krb5p".</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Applicable</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
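Review bot: Changing the "sec" option check from Open to Not_Applicable needs a justification, and COMMENTS is empty. Not_Applicable is only defensible when the condition the check targets is absent on the assessed host, so state that condition in COMMENTS; otherwise the entry should stay Open.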
Expand Down Expand Up @@ -27172,7 +27172,7 @@ If "firewalld" is not "active", enable "tcpwrappers" by configuring "/etc/hosts.
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -27299,7 +27299,7 @@ If "libreswan" is installed, "IPsec" is active, and an undocumented tunnel is ac
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -27845,7 +27845,7 @@ Modify all of the "cert_policy" lines in "/etc/pam_pkcs11/pam_pkcs11.conf" to in
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -28117,7 +28117,7 @@ Add the setting to lock the session idle delay:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000057</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -28360,7 +28360,7 @@ If no results are returned and use of NFS imported binaries is not documented wi
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Applicable</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -28478,7 +28478,7 @@ network_failure_action = syslog</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Not_Applicable</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
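Review bot: This entry goes from Not_Applicable straight to NotAFinding, which now asserts that network_failure_action = syslog is configured rather than out of scope, yet FINDING_DETAILS is empty. Most other entries closed in this commit were Open beforehand, so this reversal deserves a line in COMMENTS explaining what changed and which state sets the value.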
Expand Down Expand Up @@ -28613,7 +28613,7 @@ The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -28748,7 +28748,7 @@ The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -28883,7 +28883,7 @@ The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29019,7 +29019,7 @@ The audit daemon must be restarted for the changes to take effect:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29273,7 +29273,7 @@ If a wireless interface is configured and its use on the system is not documente
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-002418</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Applicable</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29422,7 +29422,7 @@ Update the system databases:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001954</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Applicable</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29551,7 +29551,7 @@ blacklist dccp</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001958</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29670,7 +29670,7 @@ ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block d
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000213</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -29799,7 +29799,7 @@ Issue the following command to make the changes take effect:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -30070,7 +30070,7 @@ The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -30202,7 +30202,7 @@ The audit daemon must be restarted for the changes to take effect.</ATTRIBUTE_DA
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000172</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -30318,7 +30318,7 @@ password substack system-auth</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-000192</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -30713,7 +30713,7 @@ If no results are returned, this is a finding.</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
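Review bot: Moving an Open finding to Not_Reviewed hides a known gap instead of resolving it, and the same change is applied to the next two CCI-001764 entries. If the earlier Open result is no longer trusted, note that in COMMENTS; if it still holds, keep the status Open so the finding remains visible in reports.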
Expand Down Expand Up @@ -30834,7 +30834,7 @@ If no results are returned, this is a finding.</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -30955,7 +30955,7 @@ If no results are returned, this is a finding.</ATTRIBUTE_DATA>
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001764</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>Not_Reviewed</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -31078,7 +31078,7 @@ The audit daemon must be restarted for changes to take effect:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Expand Down Expand Up @@ -31213,7 +31213,7 @@ The audit daemon must be restarted for changes to take effect:
<VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
<ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
</STIG_DATA>
<STATUS>Open</STATUS>
<STATUS>NotAFinding</STATUS>
<FINDING_DETAILS></FINDING_DETAILS>
<COMMENTS></COMMENTS>
<SEVERITY_OVERRIDE></SEVERITY_OVERRIDE>
Empty file added ci_testing_dummy_file
Empty file.
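Review bot: An empty file named ci_testing_dummy_file is added alongside the STIG update with no indication of what consumes it. If it exists only to trigger a CI run, drop it before merging; if it is needed, document its purpose so it is not mistaken for leftover debris in the repository.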
4 changes: 2 additions & 2 deletions disa_stig7/README.md
Expand Up @@ -2,8 +2,8 @@ This formula is created to enfofce the rhel/centos disa 7 stigs

Has been tested on

* RHEL 7.4
* CentOS 7.4
* RHEL 7.6
* CentOS 7.6

Required:

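Review bot: The tested-on list replaces 7.4 with 7.6 rather than adding to it, which reads as though 7.4 is no longer covered; if the formula still applies cleanly on 7.4, list both releases. While this file is being edited, the first README line shown in the hunk header has a typo, "enfofce" for "enforce".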
2 changes: 1 addition & 1 deletion disa_stig7/VERSION
@@ -1 +1 @@
Red Hat 7 STIG - Ver 1, Rel 4
Red Hat 7 STIG - Ver 2, Rel 1
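Review bot: VERSION now advertises Ver 2, Rel 1, but of the five files in this commit only disa_stig7/cat2/aide.sls changes enforcement, and only by seven added lines. Confirm that every rule added or modified between Ver 1, Rel 4 and Ver 2, Rel 1 is already covered by existing states, or list the known gaps in the README, before bumping the version string.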
7 changes: 7 additions & 0 deletions disa_stig7/cat2/aide.sls
Expand Up @@ -42,6 +42,13 @@ aide config settings DATAONLY:
^DATAONLY\s*=.+$
- repl: "DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512\n"

aide config settings NORMAL:
file.replace:
- name: /etc/aide.conf
- pattern: |
^NORMAL\s*=.+$
- repl: "NORMAL = FIPSR+sha512\n"

# CAT2
# RHEL-07-020130
# RHEL-07-020140
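Review bot: The new "aide config settings NORMAL" state only shows name, pattern and repl, so if /etc/aide.conf contains no line matching ^NORMAL\s*=.+$ the file.replace makes no change and still reports success; add append_if_not_found: True or a follow-up check that the line exists. Unlike the DATAONLY replacement above, which spells out acl+selinux+xattrs, "NORMAL = FIPSR+sha512" depends on how FIPSR is defined elsewhere in the same file, so it is worth asserting that definition too. The state also lacks a rule-ID comment like the "# CAT2 / # RHEL-07-020130" header on the block that follows, which makes it hard to tell which STIG rule it is meant to satisfy.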