STIG Compliance (#61)
This commit is contained in:
willtome
GitHub
@@ -0,0 +1,86 @@
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
from ansible.plugins.callback import CallbackBase
|
||||
from time import gmtime, strftime
|
||||
import platform
|
||||
import tempfile
|
||||
import re
|
||||
import sys
|
||||
import os
|
||||
import xml.etree.ElementTree as ET
|
||||
import xml.dom.minidom
|
||||
|
||||
class CallbackModule(CallbackBase):
|
||||
CALLBACK_VERSION = 2.0
|
||||
CALLBACK_TYPE = 'xml'
|
||||
CALLBACK_NAME = 'stig_xml'
|
||||
|
||||
CALLBACK_NEEDS_WHITELIST = True
|
||||
|
||||
def _get_STIG_path(self):
|
||||
cwd = os.path.abspath('.')
|
||||
for dirpath, dirs, files in os.walk(cwd):
|
||||
if os.path.sep + 'files' in dirpath and '.xml' in files[0]:
|
||||
return os.path.join(cwd, dirpath, files[0])
|
||||
|
||||
def __init__(self):
|
||||
super(CallbackModule, self).__init__()
|
||||
self.rules = {}
|
||||
self.stig_path = os.environ.get('STIG_PATH')
|
||||
self.XML_path = os.environ.get('XML_PATH')
|
||||
if self.stig_path is None:
|
||||
self.stig_path = self._get_STIG_path()
|
||||
self._display.display('Using STIG_PATH: {}'.format(self.stig_path))
|
||||
if self.XML_path is None:
|
||||
self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
|
||||
self._display.display('Using XML_PATH: {}'.format(self.XML_path))
|
||||
|
||||
print("Writing: {}".format(self.XML_path))
|
||||
STIG_name = os.path.basename(self.stig_path)
|
||||
ET.register_namespace('cdf', 'http://checklists.nist.gov/xccdf/1.2')
|
||||
self.tr = ET.Element('{http://checklists.nist.gov/xccdf/1.2}TestResult')
|
||||
self.tr.set('id', 'xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}'.format(STIG_name))
|
||||
endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
|
||||
self.tr.set('end-time', endtime)
|
||||
tg = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}target')
|
||||
tg.text = platform.node()
|
||||
|
||||
def _get_rev(self, nid):
|
||||
with open(self.stig_path, 'r') as f:
|
||||
r = 'SV-{}r(?P<rev>\d+)_rule'.format(nid)
|
||||
m = re.search(r, f.read())
|
||||
if m:
|
||||
rev = m.group('rev')
|
||||
else:
|
||||
rev = '0'
|
||||
return rev
|
||||
|
||||
def v2_runner_on_ok(self, result):
|
||||
name = result._task.get_name()
|
||||
m = re.search('stigrule_(?P<id>\d+)', name)
|
||||
if m:
|
||||
nid = m.group('id')
|
||||
else:
|
||||
return
|
||||
rev = self._get_rev(nid)
|
||||
key = "{}r{}".format(nid, rev)
|
||||
if self.rules.get(key, 'Unknown') != False:
|
||||
self.rules[key] = result.is_changed()
|
||||
|
||||
def v2_playbook_on_stats(self, stats):
|
||||
for rule, changed in self.rules.items():
|
||||
state = 'fail' if changed else 'pass'
|
||||
rr = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}rule-result')
|
||||
rr.set('idref', 'xccdf_mil.disa.stig_rule_SV-{}_rule'.format(rule))
|
||||
rs = ET.SubElement(rr, '{http://checklists.nist.gov/xccdf/1.2}result')
|
||||
rs.text = state
|
||||
passing = len(self.rules) - sum(self.rules.values())
|
||||
sc = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}score')
|
||||
sc.set('maximum', str(len(self.rules)))
|
||||
sc.set('system', 'urn:xccdf:scoring:flat-unweighted')
|
||||
sc.text = str(passing)
|
||||
with open(self.XML_path, 'wb') as f:
|
||||
out = ET.tostring(self.tr)
|
||||
pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding='utf-8')
|
||||
f.write(pretty)
|
||||
@@ -0,0 +1,571 @@
|
||||
# R-230225 RHEL-08-010040
|
||||
rhel8STIG_stigrule_230225_Manage: True
|
||||
rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
|
||||
# R-230226 RHEL-08-010050
|
||||
rhel8STIG_stigrule_230226_Manage: True
|
||||
rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
|
||||
# R-230227 RHEL-08-010060
|
||||
rhel8STIG_stigrule_230227_Manage: True
|
||||
rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
|
||||
rhel8STIG_stigrule_230227__etc_issue_Content: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
|
||||
|
||||
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
|
||||
|
||||
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
|
||||
|
||||
-At any time, the USG may inspect and seize data stored on this IS.
|
||||
|
||||
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
|
||||
|
||||
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
|
||||
|
||||
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
|
||||
|
||||
'
|
||||
# R-230228 RHEL-08-010070
|
||||
rhel8STIG_stigrule_230228_Manage: True
|
||||
rhel8STIG_stigrule_230228__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.* /var/log/secure'
|
||||
# R-230231 RHEL-08-010110
|
||||
rhel8STIG_stigrule_230231_Manage: True
|
||||
rhel8STIG_stigrule_230231__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
|
||||
# R-230236 RHEL-08-010151
|
||||
rhel8STIG_stigrule_230236_Manage: True
|
||||
rhel8STIG_stigrule_230236__usr_lib_systemd_system_rescue_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell rescue'
|
||||
# R-230239 RHEL-08-010162
|
||||
rhel8STIG_stigrule_230239_Manage: True
|
||||
rhel8STIG_stigrule_230239_krb5_workstation_State: removed
|
||||
# R-230240 RHEL-08-010170
|
||||
rhel8STIG_stigrule_230240_Manage: True
|
||||
rhel8STIG_stigrule_230240__etc_selinux_config_Line: 'SELINUX=enforcing'
|
||||
# R-230241 RHEL-08-010171
|
||||
rhel8STIG_stigrule_230241_Manage: True
|
||||
rhel8STIG_stigrule_230241_policycoreutils_State: installed
|
||||
# R-230244 RHEL-08-010200
|
||||
rhel8STIG_stigrule_230244_Manage: True
|
||||
rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
|
||||
# R-230252 RHEL-08-010291
|
||||
rhel8STIG_stigrule_230252_Manage: True
|
||||
rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
|
||||
# R-230255 RHEL-08-010294
|
||||
rhel8STIG_stigrule_230255_Manage: True
|
||||
rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
|
||||
# R-230256 RHEL-08-010295
|
||||
rhel8STIG_stigrule_230256_Manage: True
|
||||
rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line: '+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0'
|
||||
# R-230265 RHEL-08-010371
|
||||
rhel8STIG_stigrule_230265_Manage: True
|
||||
rhel8STIG_stigrule_230265__etc_dnf_dnf_conf_Value: '1'
|
||||
# R-230266 RHEL-08-010372
|
||||
rhel8STIG_stigrule_230266_Manage: True
|
||||
rhel8STIG_stigrule_230266__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kexec_load_disabled = 1'
|
||||
# R-230267 RHEL-08-010373
|
||||
rhel8STIG_stigrule_230267_Manage: True
|
||||
rhel8STIG_stigrule_230267__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_symlinks = 1'
|
||||
# R-230268 RHEL-08-010374
|
||||
rhel8STIG_stigrule_230268_Manage: True
|
||||
rhel8STIG_stigrule_230268__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_hardlinks = 1'
|
||||
# R-230269 RHEL-08-010375
|
||||
rhel8STIG_stigrule_230269_Manage: True
|
||||
rhel8STIG_stigrule_230269__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.dmesg_restrict = 1'
|
||||
# R-230270 RHEL-08-010376
|
||||
rhel8STIG_stigrule_230270_Manage: True
|
||||
rhel8STIG_stigrule_230270__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.perf_event_paranoid = 2'
|
||||
# R-230273 RHEL-08-010390
|
||||
rhel8STIG_stigrule_230273_Manage: True
|
||||
rhel8STIG_stigrule_230273_esc_State: installed
|
||||
rhel8STIG_stigrule_230273_openssl_pkcs11_State: installed
|
||||
# R-230275 RHEL-08-010410
|
||||
rhel8STIG_stigrule_230275_Manage: True
|
||||
rhel8STIG_stigrule_230275_opensc_State: installed
|
||||
# R-230280 RHEL-08-010430
|
||||
rhel8STIG_stigrule_230280_Manage: True
|
||||
rhel8STIG_stigrule_230280__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.randomize_va_space = 2'
|
||||
# R-230281 RHEL-08-010440
|
||||
rhel8STIG_stigrule_230281_Manage: True
|
||||
rhel8STIG_stigrule_230281__etc_dnf_dnf_conf_Value: 'True'
|
||||
# R-230282 RHEL-08-010450
|
||||
rhel8STIG_stigrule_230282_Manage: True
|
||||
rhel8STIG_stigrule_230282__etc_selinux_config_Line: 'SELINUXTYPE=targeted'
|
||||
# R-230285 RHEL-08-010471
|
||||
rhel8STIG_stigrule_230285_Manage: True
|
||||
rhel8STIG_stigrule_230285_rngd_enable_Enabled: yes
|
||||
rhel8STIG_stigrule_230285_rngd_start_State: started
|
||||
# R-230288 RHEL-08-010500
|
||||
rhel8STIG_stigrule_230288_Manage: True
|
||||
rhel8STIG_stigrule_230288_StrictModes_Line: StrictModes yes
|
||||
# R-230290 RHEL-08-010520
|
||||
rhel8STIG_stigrule_230290_Manage: True
|
||||
rhel8STIG_stigrule_230290_IgnoreUserKnownHosts_Line: IgnoreUserKnownHosts yes
|
||||
# R-230291 RHEL-08-010521
|
||||
rhel8STIG_stigrule_230291_Manage: True
|
||||
rhel8STIG_stigrule_230291_KerberosAuthentication_Line: KerberosAuthentication no
|
||||
# R-230296 RHEL-08-010550
|
||||
rhel8STIG_stigrule_230296_Manage: True
|
||||
rhel8STIG_stigrule_230296_PermitRootLogin_Line: PermitRootLogin no
|
||||
# R-230298 RHEL-08-010561
|
||||
rhel8STIG_stigrule_230298_Manage: True
|
||||
rhel8STIG_stigrule_230298_rsyslog_enable_Enabled: yes
|
||||
rhel8STIG_stigrule_230298_rsyslog_start_State: started
|
||||
# R-230310 RHEL-08-010670
|
||||
# If kernel core dumps are required, document the need with the ISSO.
|
||||
rhel8STIG_stigrule_230310_Manage: True
|
||||
rhel8STIG_stigrule_230310_kdump_disable_Enabled: no
|
||||
# R-230311 RHEL-08-010671
|
||||
rhel8STIG_stigrule_230311_Manage: True
|
||||
rhel8STIG_stigrule_230311__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.core_pattern=|/bin/false'
|
||||
rhel8STIG_stigrule_230311_kernel_core_pattern_Value: '|/bin/false'
|
||||
# R-230313 RHEL-08-010673
|
||||
rhel8STIG_stigrule_230313_Manage: True
|
||||
rhel8STIG_stigrule_230313__etc_security_limits_conf_Line: '* hard core 0'
|
||||
# R-230314 RHEL-08-010674
|
||||
rhel8STIG_stigrule_230314_Manage: True
|
||||
rhel8STIG_stigrule_230314__etc_systemd_coredump_conf_Line: 'Storage=none'
|
||||
# R-230315 RHEL-08-010675
|
||||
rhel8STIG_stigrule_230315_Manage: True
|
||||
rhel8STIG_stigrule_230315__etc_systemd_coredump_conf_Line: 'ProcessSizeMax=0'
|
||||
# R-230324 RHEL-08-010760
|
||||
rhel8STIG_stigrule_230324_Manage: True
|
||||
rhel8STIG_stigrule_230324__etc_login_defs_Line: 'CREATE_HOME yes'
|
||||
# R-230329 RHEL-08-010820
|
||||
rhel8STIG_stigrule_230329_Manage: True
|
||||
rhel8STIG_stigrule_230329__etc_gdm_custom_conf_Value: 'false'
|
||||
# R-230330 RHEL-08-010830
|
||||
rhel8STIG_stigrule_230330_Manage: True
|
||||
rhel8STIG_stigrule_230330_PermitUserEnvironment_Line: PermitUserEnvironment no
|
||||
# R-230346 RHEL-08-020024
|
||||
rhel8STIG_stigrule_230346_Manage: True
|
||||
rhel8STIG_stigrule_230346__etc_security_limits_conf_Line: '* hard maxlogins 10'
|
||||
# R-230347 RHEL-08-020030
|
||||
rhel8STIG_stigrule_230347_Manage: True
|
||||
rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
|
||||
# R-230348 RHEL-08-020040
|
||||
rhel8STIG_stigrule_230348_Manage: True
|
||||
rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State: installed
|
||||
rhel8STIG_stigrule_230348__etc_tmux_conf_Line: 'set -g lock-command vlock'
|
||||
# R-230349 RHEL-08-020041
|
||||
rhel8STIG_stigrule_230349_Manage: True
|
||||
rhel8STIG_stigrule_230349__etc_bashrc_Line: '[ -n "$PS1" -a -z "$TMUX" ] && exec tmux'
|
||||
# R-230352 RHEL-08-020060
|
||||
rhel8STIG_stigrule_230352_Manage: True
|
||||
rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
|
||||
# R-230353 RHEL-08-020070
|
||||
rhel8STIG_stigrule_230353_Manage: True
|
||||
rhel8STIG_stigrule_230353__etc_tmux_conf_Line: 'set -g lock-after-time 900'
|
||||
# R-230354 RHEL-08-020080
|
||||
rhel8STIG_stigrule_230354_Manage: True
|
||||
rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
|
||||
# R-230357 RHEL-08-020110
|
||||
rhel8STIG_stigrule_230357_Manage: True
|
||||
rhel8STIG_stigrule_230357__etc_security_pwquality_conf_Line: 'ucredit = -1'
|
||||
# R-230358 RHEL-08-020120
|
||||
rhel8STIG_stigrule_230358_Manage: True
|
||||
rhel8STIG_stigrule_230358__etc_security_pwquality_conf_Line: 'lcredit = -1'
|
||||
# R-230359 RHEL-08-020130
|
||||
rhel8STIG_stigrule_230359_Manage: True
|
||||
rhel8STIG_stigrule_230359__etc_security_pwquality_conf_Line: 'dcredit = -1'
|
||||
# R-230360 RHEL-08-020140
|
||||
rhel8STIG_stigrule_230360_Manage: True
|
||||
rhel8STIG_stigrule_230360__etc_security_pwquality_conf_Line: 'maxclassrepeat = 4'
|
||||
# R-230361 RHEL-08-020150
|
||||
rhel8STIG_stigrule_230361_Manage: True
|
||||
rhel8STIG_stigrule_230361__etc_security_pwquality_conf_Line: 'maxrepeat = 3'
|
||||
# R-230362 RHEL-08-020160
|
||||
rhel8STIG_stigrule_230362_Manage: True
|
||||
rhel8STIG_stigrule_230362__etc_security_pwquality_conf_Line: 'minclass = 4'
|
||||
# R-230363 RHEL-08-020170
|
||||
rhel8STIG_stigrule_230363_Manage: True
|
||||
rhel8STIG_stigrule_230363__etc_security_pwquality_conf_Line: 'difok = 8'
|
||||
# R-230365 RHEL-08-020190
|
||||
rhel8STIG_stigrule_230365_Manage: True
|
||||
rhel8STIG_stigrule_230365__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
|
||||
# R-230366 RHEL-08-020200
|
||||
rhel8STIG_stigrule_230366_Manage: True
|
||||
rhel8STIG_stigrule_230366__etc_login_defs_Line: 'PASS_MAX_DAYS 60'
|
||||
# R-230369 RHEL-08-020230
|
||||
rhel8STIG_stigrule_230369_Manage: True
|
||||
rhel8STIG_stigrule_230369__etc_security_pwquality_conf_Line: 'minlen = 15'
|
||||
# R-230370 RHEL-08-020231
|
||||
rhel8STIG_stigrule_230370_Manage: True
|
||||
rhel8STIG_stigrule_230370__etc_login_defs_Line: 'PASS_MIN_LEN 15'
|
||||
# R-230375 RHEL-08-020280
|
||||
rhel8STIG_stigrule_230375_Manage: True
|
||||
rhel8STIG_stigrule_230375__etc_security_pwquality_conf_Line: 'ocredit = -1'
|
||||
# R-230377 RHEL-08-020300
|
||||
rhel8STIG_stigrule_230377_Manage: True
|
||||
rhel8STIG_stigrule_230377__etc_security_pwquality_conf_Line: 'dictcheck = 1'
|
||||
# R-230378 RHEL-08-020310
|
||||
rhel8STIG_stigrule_230378_Manage: True
|
||||
rhel8STIG_stigrule_230378__etc_login_defs_Line: 'FAIL_DELAY 4'
|
||||
# R-230382 RHEL-08-020350
|
||||
rhel8STIG_stigrule_230382_Manage: True
|
||||
rhel8STIG_stigrule_230382_PrintLastLog_Line: PrintLastLog yes
|
||||
# R-230383 RHEL-08-020351
|
||||
rhel8STIG_stigrule_230383_Manage: True
|
||||
rhel8STIG_stigrule_230383__etc_login_defs_Line: 'UMASK 077'
|
||||
# R-230386 RHEL-08-030000
|
||||
rhel8STIG_stigrule_230386_Manage: True
|
||||
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32_Line: '-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv'
|
||||
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64_Line: '-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv'
|
||||
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32_Line: '-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv'
|
||||
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64_Line: '-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv'
|
||||
# R-230387 RHEL-08-030010
|
||||
rhel8STIG_stigrule_230387_Manage: True
|
||||
rhel8STIG_stigrule_230387__etc_rsyslog_conf_Line: 'cron.* /var/log/cron'
|
||||
# R-230388 RHEL-08-030020
|
||||
rhel8STIG_stigrule_230388_Manage: True
|
||||
rhel8STIG_stigrule_230388__etc_audit_auditd_conf_Line: 'action_mail_acct = root'
|
||||
# R-230389 RHEL-08-030030
|
||||
rhel8STIG_stigrule_230389_Manage: True
|
||||
rhel8STIG_stigrule_230389__etc_aliases_Line: 'postmaster: root'
|
||||
# R-230390 RHEL-08-030040
|
||||
rhel8STIG_stigrule_230390_Manage: True
|
||||
rhel8STIG_stigrule_230390__etc_audit_auditd_conf_Line: 'disk_error_action = HALT'
|
||||
# R-230392 RHEL-08-030060
|
||||
rhel8STIG_stigrule_230392_Manage: True
|
||||
rhel8STIG_stigrule_230392__etc_audit_auditd_conf_Line: 'disk_full_action = HALT'
|
||||
# R-230393 RHEL-08-030061
|
||||
rhel8STIG_stigrule_230393_Manage: True
|
||||
rhel8STIG_stigrule_230393__etc_audit_auditd_conf_Line: 'local_events = yes'
|
||||
# R-230394 RHEL-08-030062
|
||||
rhel8STIG_stigrule_230394_Manage: True
|
||||
rhel8STIG_stigrule_230394__etc_audit_auditd_conf_Line: 'name_format = hostname'
|
||||
# R-230395 RHEL-08-030063
|
||||
rhel8STIG_stigrule_230395_Manage: True
|
||||
rhel8STIG_stigrule_230395__etc_audit_auditd_conf_Line: 'log_format = ENRICHED'
|
||||
# R-230396 RHEL-08-030070
|
||||
rhel8STIG_stigrule_230396_Manage: True
|
||||
rhel8STIG_stigrule_230396__etc_audit_auditd_conf_Line: 'log_group = root'
|
||||
# R-230398 RHEL-08-030090
|
||||
# A duplicate of 230396
|
||||
# duplicate of 230396
|
||||
# R-230402 RHEL-08-030121
|
||||
rhel8STIG_stigrule_230402_Manage: True
|
||||
rhel8STIG_stigrule_230402__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
|
||||
# R-230403 RHEL-08-030122
|
||||
rhel8STIG_stigrule_230403_Manage: True
|
||||
rhel8STIG_stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable_Line: '--loginuid-immutable'
|
||||
# R-230404 RHEL-08-030130
|
||||
rhel8STIG_stigrule_230404_Manage: True
|
||||
rhel8STIG_stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow_Line: '-w /etc/shadow -p wa -k identity'
|
||||
# R-230405 RHEL-08-030140
|
||||
rhel8STIG_stigrule_230405_Manage: True
|
||||
rhel8STIG_stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd_Line: '-w /etc/security/opasswd -p wa -k identity'
|
||||
# R-230406 RHEL-08-030150
|
||||
rhel8STIG_stigrule_230406_Manage: True
|
||||
rhel8STIG_stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd_Line: '-w /etc/passwd -p wa -k identity'
|
||||
# R-230407 RHEL-08-030160
|
||||
rhel8STIG_stigrule_230407_Manage: True
|
||||
rhel8STIG_stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow_Line: '-w /etc/gshadow -p wa -k identity'
|
||||
# R-230408 RHEL-08-030170
|
||||
rhel8STIG_stigrule_230408_Manage: True
|
||||
rhel8STIG_stigrule_230408__etc_audit_rules_d_audit_rules__etc_group_Line: '-w /etc/group -p wa -k identity'
|
||||
# R-230409 RHEL-08-030171
|
||||
rhel8STIG_stigrule_230409_Manage: True
|
||||
rhel8STIG_stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers_Line: '-w /etc/sudoers -p wa -k identity'
|
||||
# R-230410 RHEL-08-030172
|
||||
rhel8STIG_stigrule_230410_Manage: True
|
||||
rhel8STIG_stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d__Line: '-w /etc/sudoers.d/ -p wa -k identity'
|
||||
# R-230411 RHEL-08-030180
|
||||
rhel8STIG_stigrule_230411_Manage: True
|
||||
rhel8STIG_stigrule_230411_audit_State: installed
|
||||
# R-230412 RHEL-08-030190
|
||||
rhel8STIG_stigrule_230412_Manage: True
|
||||
rhel8STIG_stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su_Line: '-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change'
|
||||
# R-230413 RHEL-08-030200
|
||||
rhel8STIG_stigrule_230413_Manage: True
|
||||
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
|
||||
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
|
||||
# R-230418 RHEL-08-030250
|
||||
rhel8STIG_stigrule_230418_Manage: True
|
||||
rhel8STIG_stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage_Line: '-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage'
|
||||
# R-230419 RHEL-08-030260
|
||||
rhel8STIG_stigrule_230419_Manage: True
|
||||
rhel8STIG_stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon_Line: '-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
# R-230421 RHEL-08-030280
|
||||
rhel8STIG_stigrule_230421_Manage: True
|
||||
rhel8STIG_stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent_Line: '-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
|
||||
# R-230422 RHEL-08-030290
|
||||
rhel8STIG_stigrule_230422_Manage: True
|
||||
rhel8STIG_stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd_Line: '-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd'
|
||||
# R-230423 RHEL-08-030300
|
||||
rhel8STIG_stigrule_230423_Manage: True
|
||||
rhel8STIG_stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount_Line: '-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
|
||||
# R-230424 RHEL-08-030301
|
||||
rhel8STIG_stigrule_230424_Manage: True
|
||||
rhel8STIG_stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount_Line: '-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
|
||||
# R-230425 RHEL-08-030302
|
||||
rhel8STIG_stigrule_230425_Manage: True
|
||||
rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32_Line: '-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
|
||||
rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64_Line: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
|
||||
# R-230426 RHEL-08-030310
|
||||
rhel8STIG_stigrule_230426_Manage: True
|
||||
rhel8STIG_stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update_Line: '-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230427 RHEL-08-030311
|
||||
rhel8STIG_stigrule_230427_Manage: True
|
||||
rhel8STIG_stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop_Line: '-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230428 RHEL-08-030312
|
||||
rhel8STIG_stigrule_230428_Manage: True
|
||||
rhel8STIG_stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue_Line: '-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230429 RHEL-08-030313
|
||||
rhel8STIG_stigrule_230429_Manage: True
|
||||
rhel8STIG_stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage_Line: '-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230430 RHEL-08-030314
|
||||
rhel8STIG_stigrule_230430_Manage: True
|
||||
rhel8STIG_stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles_Line: '-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230431 RHEL-08-030315
|
||||
rhel8STIG_stigrule_230431_Manage: True
|
||||
rhel8STIG_stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper_Line: '-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230432 RHEL-08-030316
|
||||
rhel8STIG_stigrule_230432_Manage: True
|
||||
rhel8STIG_stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool_Line: '-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230433 RHEL-08-030317
|
||||
rhel8STIG_stigrule_230433_Manage: True
|
||||
rhel8STIG_stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd_Line: '-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
|
||||
# R-230434 RHEL-08-030320
|
||||
rhel8STIG_stigrule_230434_Manage: True
|
||||
rhel8STIG_stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign_Line: '-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
|
||||
# R-230435 RHEL-08-030330
|
||||
rhel8STIG_stigrule_230435_Manage: True
|
||||
rhel8STIG_stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl_Line: '-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
# R-230436 RHEL-08-030340
|
||||
rhel8STIG_stigrule_230436_Manage: True
|
||||
rhel8STIG_stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check_Line: '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check'
|
||||
# R-230437 RHEL-08-030350
|
||||
rhel8STIG_stigrule_230437_Manage: True
|
||||
rhel8STIG_stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp_Line: '-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
|
||||
# R-230438 RHEL-08-030360
|
||||
rhel8STIG_stigrule_230438_Manage: True
|
||||
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32_Line: '-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
# R-230439 RHEL-08-030361
|
||||
rhel8STIG_stigrule_230439_Manage: True
|
||||
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
# R-230444 RHEL-08-030370
|
||||
rhel8STIG_stigrule_230444_Manage: True
|
||||
rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
|
||||
# R-230446 RHEL-08-030390
|
||||
rhel8STIG_stigrule_230446_Manage: True
|
||||
rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32_Line: '-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64_Line: '-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
|
||||
# R-230447 RHEL-08-030400
|
||||
rhel8STIG_stigrule_230447_Manage: True
|
||||
rhel8STIG_stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab_Line: '-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab'
|
||||
# R-230448 RHEL-08-030410
|
||||
rhel8STIG_stigrule_230448_Manage: True
|
||||
rhel8STIG_stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh_Line: '-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
|
||||
# R-230449 RHEL-08-030420
|
||||
rhel8STIG_stigrule_230449_Manage: True
|
||||
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
|
||||
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
|
||||
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
|
||||
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
|
||||
# R-230455 RHEL-08-030480
|
||||
rhel8STIG_stigrule_230455_Manage: True
|
||||
rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32_Line: '-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64_Line: '-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
# R-230456 RHEL-08-030490
|
||||
rhel8STIG_stigrule_230456_Manage: True
|
||||
rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32_Line: '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64_Line: '-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
# R-230462 RHEL-08-030550
|
||||
rhel8STIG_stigrule_230462_Manage: True
|
||||
rhel8STIG_stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo_Line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
|
||||
# R-230463 RHEL-08-030560
|
||||
rhel8STIG_stigrule_230463_Manage: True
|
||||
rhel8STIG_stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod_Line: '-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod'
|
||||
# R-230464 RHEL-08-030570
|
||||
rhel8STIG_stigrule_230464_Manage: True
|
||||
rhel8STIG_stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl_Line: '-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
|
||||
# R-230465 RHEL-08-030580
|
||||
rhel8STIG_stigrule_230465_Manage: True
|
||||
rhel8STIG_stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod_Line: '-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules'
|
||||
# R-230466 RHEL-08-030590
|
||||
rhel8STIG_stigrule_230466_Manage: True
|
||||
rhel8STIG_stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock_Line: '-w /var/log/faillock -p wa -k logins'
|
||||
# R-230467 RHEL-08-030600
|
||||
rhel8STIG_stigrule_230467_Manage: True
|
||||
rhel8STIG_stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog_Line: '-w /var/log/lastlog -p wa -k logins'
|
||||
# R-230477 RHEL-08-030670
|
||||
rhel8STIG_stigrule_230477_Manage: True
|
||||
rhel8STIG_stigrule_230477_rsyslog_State: installed
|
||||
# R-230478 RHEL-08-030680
|
||||
rhel8STIG_stigrule_230478_Manage: True
|
||||
rhel8STIG_stigrule_230478_rsyslog_gnutls_State: installed
|
||||
# R-230480 RHEL-08-030700
|
||||
rhel8STIG_stigrule_230480_Manage: True
|
||||
rhel8STIG_stigrule_230480__etc_audit_auditd_conf_Line: 'overflow_action = syslog'
|
||||
# R-230481 RHEL-08-030710
|
||||
rhel8STIG_stigrule_230481_Manage: True
|
||||
rhel8STIG_stigrule_230481__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$DefaultNetstreamDriver gtls'
|
||||
rhel8STIG_stigrule_230481__etc_rsyslog_conf_ActionSendStreamDriverMode_Line: '$ActionSendStreamDriverMode 1'
|
||||
# R-230482 RHEL-08-030720
|
||||
rhel8STIG_stigrule_230482_Manage: True
|
||||
rhel8STIG_stigrule_230482__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$ActionSendStreamDriverAuthMode x509/name'
|
||||
# R-230483 RHEL-08-030730
|
||||
rhel8STIG_stigrule_230483_Manage: True
|
||||
rhel8STIG_stigrule_230483__etc_audit_auditd_conf_space_left_Line: 'space_left = 25%'
|
||||
# R-230487 RHEL-08-040000
|
||||
rhel8STIG_stigrule_230487_Manage: True
|
||||
rhel8STIG_stigrule_230487_telnet_server_State: removed
|
||||
# R-230488 RHEL-08-040001
|
||||
rhel8STIG_stigrule_230488_Manage: True
|
||||
rhel8STIG_stigrule_230488_abrt__State: removed
|
||||
# R-230489 RHEL-08-040002
|
||||
rhel8STIG_stigrule_230489_Manage: True
|
||||
rhel8STIG_stigrule_230489_sendmail_State: removed
|
||||
# R-230492 RHEL-08-040010
|
||||
rhel8STIG_stigrule_230492_Manage: True
|
||||
rhel8STIG_stigrule_230492_rsh_server_State: removed
|
||||
# R-230502 RHEL-08-040070
|
||||
rhel8STIG_stigrule_230502_Manage: True
|
||||
rhel8STIG_stigrule_230502_autofs_stop_State: stopped
|
||||
rhel8STIG_stigrule_230502_autofs_disable_Enabled: no
|
||||
# R-230505 RHEL-08-040100
|
||||
rhel8STIG_stigrule_230505_Manage: True
|
||||
rhel8STIG_stigrule_230505_firewalld_noarch_State: installed
|
||||
# R-230506 RHEL-08-040110
|
||||
rhel8STIG_stigrule_230506_Manage: True
|
||||
rhel8STIG_stigrule_230506_nmcli_radio_wifi_off_Command: nmcli radio wifi off
|
||||
# R-230526 RHEL-08-040160
|
||||
rhel8STIG_stigrule_230526_Manage: True
|
||||
rhel8STIG_stigrule_230526_ensure_openssh_server_x86_64_is_installed_State: installed
|
||||
rhel8STIG_stigrule_230526_sshd_enable_Enabled: yes
|
||||
# R-230527 RHEL-08-040161
|
||||
rhel8STIG_stigrule_230527_Manage: True
|
||||
rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
|
||||
# R-230529 RHEL-08-040170
|
||||
rhel8STIG_stigrule_230529_Manage: True
|
||||
rhel8STIG_stigrule_230529_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
|
||||
# R-230531 RHEL-08-040172
|
||||
rhel8STIG_stigrule_230531_Manage: True
|
||||
rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
|
||||
# R-230533 RHEL-08-040190
|
||||
rhel8STIG_stigrule_230533_Manage: True
|
||||
rhel8STIG_stigrule_230533_tftp_server_State: removed
|
||||
# R-230535 RHEL-08-040210
|
||||
rhel8STIG_stigrule_230535_Manage: True
|
||||
rhel8STIG_stigrule_230535_net_ipv6_conf_default_accept_redirects_Value: 0
|
||||
# R-230536 RHEL-08-040220
|
||||
rhel8STIG_stigrule_230536_Manage: True
|
||||
rhel8STIG_stigrule_230536_net_ipv4_conf_all_send_redirects_Value: 0
|
||||
# R-230537 RHEL-08-040230
|
||||
rhel8STIG_stigrule_230537_Manage: True
|
||||
rhel8STIG_stigrule_230537_net_ipv4_icmp_echo_ignore_broadcasts_Value: 1
|
||||
# R-230538 RHEL-08-040240
|
||||
rhel8STIG_stigrule_230538_Manage: True
|
||||
rhel8STIG_stigrule_230538_net_ipv6_conf_all_accept_source_route_Value: 0
|
||||
# R-230539 RHEL-08-040250
|
||||
rhel8STIG_stigrule_230539_Manage: True
|
||||
rhel8STIG_stigrule_230539_net_ipv6_conf_default_accept_source_route_Value: 0
|
||||
# R-230540 RHEL-08-040260
|
||||
rhel8STIG_stigrule_230540_Manage: True
|
||||
rhel8STIG_stigrule_230540_net_ipv4_ip_forward_Value: 0
|
||||
rhel8STIG_stigrule_230540_net_ipv6_conf_all_forwarding_Value: 0
|
||||
# R-230541 RHEL-08-040261
|
||||
rhel8STIG_stigrule_230541_Manage: True
|
||||
rhel8STIG_stigrule_230541_net_ipv6_conf_all_accept_ra_Value: 0
|
||||
# R-230542 RHEL-08-040262
|
||||
rhel8STIG_stigrule_230542_Manage: True
|
||||
rhel8STIG_stigrule_230542_net_ipv6_conf_default_accept_ra_Value: 0
|
||||
# R-230543 RHEL-08-040270
|
||||
rhel8STIG_stigrule_230543_Manage: True
|
||||
rhel8STIG_stigrule_230543_net_ipv4_conf_default_send_redirects_Value: 0
|
||||
# R-230544 RHEL-08-040280
|
||||
rhel8STIG_stigrule_230544_Manage: True
|
||||
rhel8STIG_stigrule_230544_net_ipv6_conf_all_accept_redirects_Value: 0
|
||||
# R-230545 RHEL-08-040281
|
||||
rhel8STIG_stigrule_230545_Manage: True
|
||||
rhel8STIG_stigrule_230545__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.unprivileged_bpf_disabled = 1'
|
||||
# R-230546 RHEL-08-040282
|
||||
rhel8STIG_stigrule_230546_Manage: True
|
||||
rhel8STIG_stigrule_230546__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.yama.ptrace_scope = 1'
|
||||
rhel8STIG_stigrule_230546_kernel_yama_ptrace_scope_Value: 1
|
||||
# R-230547 RHEL-08-040283
|
||||
rhel8STIG_stigrule_230547_Manage: True
|
||||
rhel8STIG_stigrule_230547__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kptr_restrict = 1'
|
||||
# R-230548 RHEL-08-040284
|
||||
rhel8STIG_stigrule_230548_Manage: True
|
||||
rhel8STIG_stigrule_230548__etc_sysctl_d_99_sysctl_conf_Line: 'user.max_user_namespaces = 0'
|
||||
rhel8STIG_stigrule_230548_user_max_user_namespaces_Value: 0
|
||||
# R-230549 RHEL-08-040285
|
||||
rhel8STIG_stigrule_230549_Manage: True
|
||||
rhel8STIG_stigrule_230549__etc_sysctl_d_99_sysctl_conf_Line: 'net.ipv4.conf.all.rp_filter = 1'
|
||||
# R-230555 RHEL-08-040340
|
||||
rhel8STIG_stigrule_230555_Manage: True
|
||||
rhel8STIG_stigrule_230555_X11Forwarding_Line: X11Forwarding no
|
||||
# R-230556 RHEL-08-040341
|
||||
rhel8STIG_stigrule_230556_Manage: True
|
||||
rhel8STIG_stigrule_230556_X11UseLocalhost_Line: X11UseLocalhost yes
|
||||
# R-230558 RHEL-08-040360
|
||||
rhel8STIG_stigrule_230558_Manage: True
|
||||
rhel8STIG_stigrule_230558_vsftpd_State: removed
|
||||
# R-230559 RHEL-08-040370
|
||||
rhel8STIG_stigrule_230559_Manage: True
|
||||
rhel8STIG_stigrule_230559_gssproxy_State: removed
|
||||
# R-230560 RHEL-08-040380
|
||||
rhel8STIG_stigrule_230560_Manage: True
|
||||
rhel8STIG_stigrule_230560_iprutils_State: removed
|
||||
# R-230561 RHEL-08-040390
|
||||
rhel8STIG_stigrule_230561_Manage: True
|
||||
rhel8STIG_stigrule_230561_tuned_State: removed
|
||||
# R-244519 RHEL-08-010049
|
||||
rhel8STIG_stigrule_244519_Manage: True
|
||||
rhel8STIG_stigrule_244519__etc_dconf_db_local_d_01_banner_message_Value: 'true'
|
||||
# R-244523 RHEL-08-010152
|
||||
rhel8STIG_stigrule_244523_Manage: True
|
||||
rhel8STIG_stigrule_244523__usr_lib_systemd_system_emergency_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell emergency'
|
||||
# R-244525 RHEL-08-010201
|
||||
rhel8STIG_stigrule_244525_Manage: True
|
||||
rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
|
||||
# R-244527 RHEL-08-010472
|
||||
rhel8STIG_stigrule_244527_Manage: True
|
||||
rhel8STIG_stigrule_244527_rng_tools_State: installed
|
||||
# R-244528 RHEL-08-010522
|
||||
rhel8STIG_stigrule_244528_Manage: True
|
||||
rhel8STIG_stigrule_244528_GSSAPIAuthentication_Line: GSSAPIAuthentication no
|
||||
# R-244535 RHEL-08-020031
|
||||
rhel8STIG_stigrule_244535_Manage: True
|
||||
rhel8STIG_stigrule_244535__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
|
||||
# R-244536 RHEL-08-020032
|
||||
rhel8STIG_stigrule_244536_Manage: True
|
||||
rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
|
||||
# R-244537 RHEL-08-020039
|
||||
rhel8STIG_stigrule_244537_Manage: True
|
||||
rhel8STIG_stigrule_244537_tmux_State: installed
|
||||
# R-244538 RHEL-08-020081
|
||||
rhel8STIG_stigrule_244538_Manage: True
|
||||
rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
|
||||
# R-244539 RHEL-08-020082
|
||||
rhel8STIG_stigrule_244539_Manage: True
|
||||
rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line: '/org/gnome/desktop/screensaver/lock-enabled'
|
||||
# R-244542 RHEL-08-030181
|
||||
rhel8STIG_stigrule_244542_Manage: True
|
||||
rhel8STIG_stigrule_244542_auditd_enable_Enabled: yes
|
||||
rhel8STIG_stigrule_244542_auditd_start_State: started
|
||||
# R-244543 RHEL-08-030731
|
||||
rhel8STIG_stigrule_244543_Manage: True
|
||||
rhel8STIG_stigrule_244543__etc_audit_auditd_conf_space_left_action_Line: 'space_left_action = email'
|
||||
# R-244544 RHEL-08-040101
|
||||
rhel8STIG_stigrule_244544_Manage: True
|
||||
rhel8STIG_stigrule_244544_firewalld_enable_Enabled: yes
|
||||
# R-244549 RHEL-08-040159
|
||||
rhel8STIG_stigrule_244549_Manage: True
|
||||
rhel8STIG_stigrule_244549_openssh_server_x86_64_State: installed
|
||||
# R-244550 RHEL-08-040209
|
||||
rhel8STIG_stigrule_244550_Manage: True
|
||||
rhel8STIG_stigrule_244550_net_ipv4_conf_default_accept_redirects_Value: 0
|
||||
# R-244551 RHEL-08-040239
|
||||
rhel8STIG_stigrule_244551_Manage: True
|
||||
rhel8STIG_stigrule_244551_net_ipv4_conf_all_accept_source_route_Value: 0
|
||||
# R-244552 RHEL-08-040249
|
||||
rhel8STIG_stigrule_244552_Manage: True
|
||||
rhel8STIG_stigrule_244552_net_ipv4_conf_default_accept_source_route_Value: 0
|
||||
# R-244553 RHEL-08-040279
|
||||
rhel8STIG_stigrule_244553_Manage: True
|
||||
rhel8STIG_stigrule_244553_net_ipv4_conf_all_accept_redirects_Value: 0
|
||||
# R-244554 RHEL-08-040286
|
||||
rhel8STIG_stigrule_244554_Manage: True
|
||||
rhel8STIG_stigrule_244554__etc_sysctl_d_99_sysctl_conf_Line: 'net.core.bpf_jit_harden = 2'
|
||||
File diff suppressed because one or more lines are too long
@@ -0,0 +1,11 @@
|
||||
- name: dconf_update
|
||||
command: dconf update
|
||||
- name: auditd_restart
|
||||
command: /usr/sbin/service auditd restart
|
||||
- name: ssh_restart
|
||||
service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
- name: do_reboot
|
||||
reboot:
|
||||
pre_reboot_delay: 60
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user