Update DISA supplemental roles for RHEL STIG (#238)
This commit is contained in:
Chris Edillon
GitHub
3
.gitignore
vendored
3
.gitignore
vendored
@@ -11,4 +11,5 @@ roles/*
|
|||||||
!roles/requirements.yml
|
!roles/requirements.yml
|
||||||
.deployment_id
|
.deployment_id
|
||||||
.cache/
|
.cache/
|
||||||
.ansible/
|
.ansible/
|
||||||
|
**/tmp/
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ rhel8STIG_stigrule_230225_Manage: True
|
|||||||
rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
|
rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
|
||||||
# R-230226 RHEL-08-010050
|
# R-230226 RHEL-08-010050
|
||||||
rhel8STIG_stigrule_230226_Manage: True
|
rhel8STIG_stigrule_230226_Manage: True
|
||||||
rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
|
rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: "''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.''"
|
||||||
# R-230227 RHEL-08-010060
|
# R-230227 RHEL-08-010060
|
||||||
rhel8STIG_stigrule_230227_Manage: True
|
rhel8STIG_stigrule_230227_Manage: True
|
||||||
rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
|
rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
|
||||||
@@ -43,9 +43,6 @@ rhel8STIG_stigrule_230241_policycoreutils_State: installed
|
|||||||
# R-230244 RHEL-08-010200
|
# R-230244 RHEL-08-010200
|
||||||
rhel8STIG_stigrule_230244_Manage: True
|
rhel8STIG_stigrule_230244_Manage: True
|
||||||
rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
|
rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
|
||||||
# R-230252 RHEL-08-010291
|
|
||||||
rhel8STIG_stigrule_230252_Manage: True
|
|
||||||
rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
|
|
||||||
# R-230255 RHEL-08-010294
|
# R-230255 RHEL-08-010294
|
||||||
rhel8STIG_stigrule_230255_Manage: True
|
rhel8STIG_stigrule_230255_Manage: True
|
||||||
rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
|
rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
|
||||||
@@ -138,16 +135,9 @@ rhel8STIG_stigrule_230346__etc_security_limits_conf_Line: '* hard maxlogins 10'
|
|||||||
# R-230347 RHEL-08-020030
|
# R-230347 RHEL-08-020030
|
||||||
rhel8STIG_stigrule_230347_Manage: True
|
rhel8STIG_stigrule_230347_Manage: True
|
||||||
rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
|
rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
|
||||||
# R-230348 RHEL-08-020040
|
|
||||||
rhel8STIG_stigrule_230348_Manage: True
|
|
||||||
rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State: installed
|
|
||||||
rhel8STIG_stigrule_230348__etc_tmux_conf_Line: 'set -g lock-command vlock'
|
|
||||||
# R-230352 RHEL-08-020060
|
# R-230352 RHEL-08-020060
|
||||||
rhel8STIG_stigrule_230352_Manage: True
|
rhel8STIG_stigrule_230352_Manage: True
|
||||||
rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
|
rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
|
||||||
# R-230353 RHEL-08-020070
|
|
||||||
rhel8STIG_stigrule_230353_Manage: True
|
|
||||||
rhel8STIG_stigrule_230353__etc_tmux_conf_Line: 'set -g lock-after-time 900'
|
|
||||||
# R-230354 RHEL-08-020080
|
# R-230354 RHEL-08-020080
|
||||||
rhel8STIG_stigrule_230354_Manage: True
|
rhel8STIG_stigrule_230354_Manage: True
|
||||||
rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
|
rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
|
||||||
@@ -335,8 +325,8 @@ rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32_Line: '
|
|||||||
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
|
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
|
||||||
# R-230439 RHEL-08-030361
|
# R-230439 RHEL-08-030361
|
||||||
rhel8STIG_stigrule_230439_Manage: True
|
rhel8STIG_stigrule_230439_Manage: True
|
||||||
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
|
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete'
|
||||||
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
|
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete'
|
||||||
# R-230444 RHEL-08-030370
|
# R-230444 RHEL-08-030370
|
||||||
rhel8STIG_stigrule_230444_Manage: True
|
rhel8STIG_stigrule_230444_Manage: True
|
||||||
rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
|
rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
|
||||||
@@ -432,7 +422,8 @@ rhel8STIG_stigrule_230527_Manage: True
|
|||||||
rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
|
rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
|
||||||
# R-230529 RHEL-08-040170
|
# R-230529 RHEL-08-040170
|
||||||
rhel8STIG_stigrule_230529_Manage: True
|
rhel8STIG_stigrule_230529_Manage: True
|
||||||
rhel8STIG_stigrule_230529_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
|
rhel8STIG_stigrule_230529_ctrl_alt_del_target_disable_Enabled: false
|
||||||
|
rhel8STIG_stigrule_230529_ctrl_alt_del_target_mask_Masked: true
|
||||||
# R-230531 RHEL-08-040172
|
# R-230531 RHEL-08-040172
|
||||||
rhel8STIG_stigrule_230531_Manage: True
|
rhel8STIG_stigrule_230531_Manage: True
|
||||||
rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
|
rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
|
||||||
@@ -514,6 +505,9 @@ rhel8STIG_stigrule_244523__usr_lib_systemd_system_emergency_service_Value: '-/us
|
|||||||
# R-244525 RHEL-08-010201
|
# R-244525 RHEL-08-010201
|
||||||
rhel8STIG_stigrule_244525_Manage: True
|
rhel8STIG_stigrule_244525_Manage: True
|
||||||
rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
|
rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
|
||||||
|
# R-244526 RHEL-08-010287
|
||||||
|
rhel8STIG_stigrule_244526_Manage: True
|
||||||
|
rhel8STIG_stigrule_244526__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
|
||||||
# R-244527 RHEL-08-010472
|
# R-244527 RHEL-08-010472
|
||||||
rhel8STIG_stigrule_244527_Manage: True
|
rhel8STIG_stigrule_244527_Manage: True
|
||||||
rhel8STIG_stigrule_244527_rng_tools_State: installed
|
rhel8STIG_stigrule_244527_rng_tools_State: installed
|
||||||
@@ -526,9 +520,6 @@ rhel8STIG_stigrule_244535__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
|
|||||||
# R-244536 RHEL-08-020032
|
# R-244536 RHEL-08-020032
|
||||||
rhel8STIG_stigrule_244536_Manage: True
|
rhel8STIG_stigrule_244536_Manage: True
|
||||||
rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
|
rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
|
||||||
# R-244537 RHEL-08-020039
|
|
||||||
rhel8STIG_stigrule_244537_Manage: True
|
|
||||||
rhel8STIG_stigrule_244537_tmux_State: installed
|
|
||||||
# R-244538 RHEL-08-020081
|
# R-244538 RHEL-08-020081
|
||||||
rhel8STIG_stigrule_244538_Manage: True
|
rhel8STIG_stigrule_244538_Manage: True
|
||||||
rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
|
rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
@@ -6,6 +6,25 @@
|
|||||||
service:
|
service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
- name: rsyslog_restart
|
||||||
|
service:
|
||||||
|
name: rsyslog
|
||||||
|
state: restarted
|
||||||
|
- name: sysctl_load_settings
|
||||||
|
command: sysctl --system
|
||||||
|
- name: daemon_reload
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
- name: networkmanager_reload
|
||||||
|
service:
|
||||||
|
name: NetworkManager
|
||||||
|
state: reloaded
|
||||||
|
- name: logind_restart
|
||||||
|
service:
|
||||||
|
name: systemd-logind
|
||||||
|
state: restarted
|
||||||
|
- name: with_faillock_enable
|
||||||
|
command: authselect enable-feature with-faillock
|
||||||
- name: do_reboot
|
- name: do_reboot
|
||||||
reboot:
|
reboot:
|
||||||
pre_reboot_delay: 60
|
pre_reboot_delay: 60
|
||||||
|
|||||||
@@ -88,16 +88,6 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230244_Manage
|
- rhel8STIG_stigrule_230244_Manage
|
||||||
- "'openssh-server' in packages"
|
- "'openssh-server' in packages"
|
||||||
# R-230252 RHEL-08-010291
|
|
||||||
- name: stigrule_230252__etc_sysconfig_sshd
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/sysconfig/sshd
|
|
||||||
regexp: '^# CRYPTO_POLICY='
|
|
||||||
line: "{{ rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line }}"
|
|
||||||
create: yes
|
|
||||||
notify: do_reboot
|
|
||||||
when:
|
|
||||||
- rhel8STIG_stigrule_230252_Manage
|
|
||||||
# R-230255 RHEL-08-010294
|
# R-230255 RHEL-08-010294
|
||||||
- name: stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config
|
- name: stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -111,6 +101,7 @@
|
|||||||
- name: stigrule_230256__etc_crypto_policies_back_ends_gnutls_config
|
- name: stigrule_230256__etc_crypto_policies_back_ends_gnutls_config
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/crypto-policies/back-ends/gnutls.config
|
path: /etc/crypto-policies/back-ends/gnutls.config
|
||||||
|
regexp: '^\+VERS'
|
||||||
line: "{{ rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line }}"
|
line: "{{ rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line }}"
|
||||||
create: yes
|
create: yes
|
||||||
when:
|
when:
|
||||||
@@ -422,20 +413,6 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230347_Manage
|
- rhel8STIG_stigrule_230347_Manage
|
||||||
- "'dconf' in packages"
|
- "'dconf' in packages"
|
||||||
# R-230348 RHEL-08-020040
|
|
||||||
- name: stigrule_230348_ensure_tmux_is_installed
|
|
||||||
yum:
|
|
||||||
name: tmux
|
|
||||||
state: "{{ rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State }}"
|
|
||||||
when: rhel8STIG_stigrule_230348_Manage
|
|
||||||
# R-230348 RHEL-08-020040
|
|
||||||
- name: stigrule_230348__etc_tmux_conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/tmux.conf
|
|
||||||
line: "{{ rhel8STIG_stigrule_230348__etc_tmux_conf_Line }}"
|
|
||||||
create: yes
|
|
||||||
when:
|
|
||||||
- rhel8STIG_stigrule_230348_Manage
|
|
||||||
# R-230352 RHEL-08-020060
|
# R-230352 RHEL-08-020060
|
||||||
- name: stigrule_230352__etc_dconf_db_local_d_00_screensaver
|
- name: stigrule_230352__etc_dconf_db_local_d_00_screensaver
|
||||||
ini_file:
|
ini_file:
|
||||||
@@ -448,20 +425,13 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230352_Manage
|
- rhel8STIG_stigrule_230352_Manage
|
||||||
- "'dconf' in packages"
|
- "'dconf' in packages"
|
||||||
# R-230353 RHEL-08-020070
|
|
||||||
- name: stigrule_230353__etc_tmux_conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/tmux.conf
|
|
||||||
line: "{{ rhel8STIG_stigrule_230353__etc_tmux_conf_Line }}"
|
|
||||||
create: yes
|
|
||||||
when:
|
|
||||||
- rhel8STIG_stigrule_230353_Manage
|
|
||||||
# R-230354 RHEL-08-020080
|
# R-230354 RHEL-08-020080
|
||||||
- name: stigrule_230354__etc_dconf_db_local_d_locks_session
|
- name: stigrule_230354__etc_dconf_db_local_d_locks_session
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/dconf/db/local.d/locks/session
|
path: /etc/dconf/db/local.d/locks/session
|
||||||
line: "{{ rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line }}"
|
line: "{{ rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line }}"
|
||||||
create: yes
|
create: yes
|
||||||
|
notify: dconf_update
|
||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230354_Manage
|
- rhel8STIG_stigrule_230354_Manage
|
||||||
# R-230357 RHEL-08-020110
|
# R-230357 RHEL-08-020110
|
||||||
@@ -610,7 +580,7 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230383_Manage
|
- rhel8STIG_stigrule_230383_Manage
|
||||||
# R-230386 RHEL-08-030000
|
# R-230386 RHEL-08-030000
|
||||||
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32
|
- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
||||||
@@ -618,7 +588,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230386_Manage
|
when: rhel8STIG_stigrule_230386_Manage
|
||||||
# R-230386 RHEL-08-030000
|
# R-230386 RHEL-08-030000
|
||||||
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64
|
- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
||||||
@@ -626,7 +596,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230386_Manage
|
when: rhel8STIG_stigrule_230386_Manage
|
||||||
# R-230386 RHEL-08-030000
|
# R-230386 RHEL-08-030000
|
||||||
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32
|
- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
||||||
@@ -634,7 +604,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230386_Manage
|
when: rhel8STIG_stigrule_230386_Manage
|
||||||
# R-230386 RHEL-08-030000
|
# R-230386 RHEL-08-030000
|
||||||
- name : stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64
|
- name: stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
||||||
@@ -719,7 +689,7 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230395_Manage
|
- rhel8STIG_stigrule_230395_Manage
|
||||||
# R-230402 RHEL-08-030121
|
# R-230402 RHEL-08-030121
|
||||||
- name : stigrule_230402__etc_audit_rules_d_audit_rules_e2
|
- name: stigrule_230402__etc_audit_rules_d_audit_rules_e2
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-e 2$'
|
regexp: '^-e 2$'
|
||||||
@@ -727,7 +697,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230402_Manage
|
when: rhel8STIG_stigrule_230402_Manage
|
||||||
# R-230403 RHEL-08-030122
|
# R-230403 RHEL-08-030122
|
||||||
- name : stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable
|
- name: stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^--loginuid-immutable$'
|
regexp: '^--loginuid-immutable$'
|
||||||
@@ -735,7 +705,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230403_Manage
|
when: rhel8STIG_stigrule_230403_Manage
|
||||||
# R-230404 RHEL-08-030130
|
# R-230404 RHEL-08-030130
|
||||||
- name : stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow
|
- name: stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/shadow -p wa -k identity$'
|
regexp: '^-w /etc/shadow -p wa -k identity$'
|
||||||
@@ -743,7 +713,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230404_Manage
|
when: rhel8STIG_stigrule_230404_Manage
|
||||||
# R-230405 RHEL-08-030140
|
# R-230405 RHEL-08-030140
|
||||||
- name : stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd
|
- name: stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/security/opasswd -p wa -k identity$'
|
regexp: '^-w /etc/security/opasswd -p wa -k identity$'
|
||||||
@@ -751,7 +721,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230405_Manage
|
when: rhel8STIG_stigrule_230405_Manage
|
||||||
# R-230406 RHEL-08-030150
|
# R-230406 RHEL-08-030150
|
||||||
- name : stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd
|
- name: stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/passwd -p wa -k identity$'
|
regexp: '^-w /etc/passwd -p wa -k identity$'
|
||||||
@@ -759,7 +729,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230406_Manage
|
when: rhel8STIG_stigrule_230406_Manage
|
||||||
# R-230407 RHEL-08-030160
|
# R-230407 RHEL-08-030160
|
||||||
- name : stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow
|
- name: stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/gshadow -p wa -k identity$'
|
regexp: '^-w /etc/gshadow -p wa -k identity$'
|
||||||
@@ -767,7 +737,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230407_Manage
|
when: rhel8STIG_stigrule_230407_Manage
|
||||||
# R-230408 RHEL-08-030170
|
# R-230408 RHEL-08-030170
|
||||||
- name : stigrule_230408__etc_audit_rules_d_audit_rules__etc_group
|
- name: stigrule_230408__etc_audit_rules_d_audit_rules__etc_group
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/group -p wa -k identity$'
|
regexp: '^-w /etc/group -p wa -k identity$'
|
||||||
@@ -775,7 +745,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230408_Manage
|
when: rhel8STIG_stigrule_230408_Manage
|
||||||
# R-230409 RHEL-08-030171
|
# R-230409 RHEL-08-030171
|
||||||
- name : stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers
|
- name: stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/sudoers -p wa -k identity$'
|
regexp: '^-w /etc/sudoers -p wa -k identity$'
|
||||||
@@ -783,7 +753,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230409_Manage
|
when: rhel8STIG_stigrule_230409_Manage
|
||||||
# R-230410 RHEL-08-030172
|
# R-230410 RHEL-08-030172
|
||||||
- name : stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d_
|
- name: stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d_
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
|
regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
|
||||||
@@ -797,7 +767,7 @@
|
|||||||
state: "{{ rhel8STIG_stigrule_230411_audit_State }}"
|
state: "{{ rhel8STIG_stigrule_230411_audit_State }}"
|
||||||
when: rhel8STIG_stigrule_230411_Manage
|
when: rhel8STIG_stigrule_230411_Manage
|
||||||
# R-230412 RHEL-08-030190
|
# R-230412 RHEL-08-030190
|
||||||
- name : stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su
|
- name: stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
|
regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
|
||||||
@@ -805,7 +775,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230412_Manage
|
when: rhel8STIG_stigrule_230412_Manage
|
||||||
# R-230413 RHEL-08-030200
|
# R-230413 RHEL-08-030200
|
||||||
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
|
- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -813,7 +783,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230413_Manage
|
when: rhel8STIG_stigrule_230413_Manage
|
||||||
# R-230413 RHEL-08-030200
|
# R-230413 RHEL-08-030200
|
||||||
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
|
- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -821,7 +791,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230413_Manage
|
when: rhel8STIG_stigrule_230413_Manage
|
||||||
# R-230413 RHEL-08-030200
|
# R-230413 RHEL-08-030200
|
||||||
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32
|
- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
||||||
@@ -829,7 +799,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230413_Manage
|
when: rhel8STIG_stigrule_230413_Manage
|
||||||
# R-230413 RHEL-08-030200
|
# R-230413 RHEL-08-030200
|
||||||
- name : stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64
|
- name: stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
||||||
@@ -837,7 +807,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230413_Manage
|
when: rhel8STIG_stigrule_230413_Manage
|
||||||
# R-230418 RHEL-08-030250
|
# R-230418 RHEL-08-030250
|
||||||
- name : stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage
|
- name: stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
|
regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
|
||||||
@@ -845,7 +815,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230418_Manage
|
when: rhel8STIG_stigrule_230418_Manage
|
||||||
# R-230419 RHEL-08-030260
|
# R-230419 RHEL-08-030260
|
||||||
- name : stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon
|
- name: stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -853,7 +823,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230419_Manage
|
when: rhel8STIG_stigrule_230419_Manage
|
||||||
# R-230421 RHEL-08-030280
|
# R-230421 RHEL-08-030280
|
||||||
- name : stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
|
- name: stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
||||||
@@ -861,7 +831,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230421_Manage
|
when: rhel8STIG_stigrule_230421_Manage
|
||||||
# R-230422 RHEL-08-030290
|
# R-230422 RHEL-08-030290
|
||||||
- name : stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd
|
- name: stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
|
regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
|
||||||
@@ -869,7 +839,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230422_Manage
|
when: rhel8STIG_stigrule_230422_Manage
|
||||||
# R-230423 RHEL-08-030300
|
# R-230423 RHEL-08-030300
|
||||||
- name : stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount
|
- name: stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -877,7 +847,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230423_Manage
|
when: rhel8STIG_stigrule_230423_Manage
|
||||||
# R-230424 RHEL-08-030301
|
# R-230424 RHEL-08-030301
|
||||||
- name : stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount
|
- name: stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -885,7 +855,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230424_Manage
|
when: rhel8STIG_stigrule_230424_Manage
|
||||||
# R-230425 RHEL-08-030302
|
# R-230425 RHEL-08-030302
|
||||||
- name : stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32
|
- name: stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -893,7 +863,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230425_Manage
|
when: rhel8STIG_stigrule_230425_Manage
|
||||||
# R-230425 RHEL-08-030302
|
# R-230425 RHEL-08-030302
|
||||||
- name : stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64
|
- name: stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -901,7 +871,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230425_Manage
|
when: rhel8STIG_stigrule_230425_Manage
|
||||||
# R-230426 RHEL-08-030310
|
# R-230426 RHEL-08-030310
|
||||||
- name : stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
|
- name: stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -909,7 +879,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230426_Manage
|
when: rhel8STIG_stigrule_230426_Manage
|
||||||
# R-230427 RHEL-08-030311
|
# R-230427 RHEL-08-030311
|
||||||
- name : stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
|
- name: stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -917,7 +887,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230427_Manage
|
when: rhel8STIG_stigrule_230427_Manage
|
||||||
# R-230428 RHEL-08-030312
|
# R-230428 RHEL-08-030312
|
||||||
- name : stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
|
- name: stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -925,7 +895,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230428_Manage
|
when: rhel8STIG_stigrule_230428_Manage
|
||||||
# R-230429 RHEL-08-030313
|
# R-230429 RHEL-08-030313
|
||||||
- name : stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage
|
- name: stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -933,7 +903,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230429_Manage
|
when: rhel8STIG_stigrule_230429_Manage
|
||||||
# R-230430 RHEL-08-030314
|
# R-230430 RHEL-08-030314
|
||||||
- name : stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
|
- name: stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -941,7 +911,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230430_Manage
|
when: rhel8STIG_stigrule_230430_Manage
|
||||||
# R-230431 RHEL-08-030315
|
# R-230431 RHEL-08-030315
|
||||||
- name : stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
|
- name: stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -949,7 +919,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230431_Manage
|
when: rhel8STIG_stigrule_230431_Manage
|
||||||
# R-230432 RHEL-08-030316
|
# R-230432 RHEL-08-030316
|
||||||
- name : stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
|
- name: stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -957,7 +927,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230432_Manage
|
when: rhel8STIG_stigrule_230432_Manage
|
||||||
# R-230433 RHEL-08-030317
|
# R-230433 RHEL-08-030317
|
||||||
- name : stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
|
- name: stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -965,7 +935,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230433_Manage
|
when: rhel8STIG_stigrule_230433_Manage
|
||||||
# R-230434 RHEL-08-030320
|
# R-230434 RHEL-08-030320
|
||||||
- name : stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
|
- name: stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
||||||
@@ -973,7 +943,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230434_Manage
|
when: rhel8STIG_stigrule_230434_Manage
|
||||||
# R-230435 RHEL-08-030330
|
# R-230435 RHEL-08-030330
|
||||||
- name : stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl
|
- name: stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -981,7 +951,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230435_Manage
|
when: rhel8STIG_stigrule_230435_Manage
|
||||||
# R-230436 RHEL-08-030340
|
# R-230436 RHEL-08-030340
|
||||||
- name : stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
|
- name: stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
|
regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
|
||||||
@@ -989,7 +959,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230436_Manage
|
when: rhel8STIG_stigrule_230436_Manage
|
||||||
# R-230437 RHEL-08-030350
|
# R-230437 RHEL-08-030350
|
||||||
- name : stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp
|
- name: stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -997,7 +967,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230437_Manage
|
when: rhel8STIG_stigrule_230437_Manage
|
||||||
# R-230438 RHEL-08-030360
|
# R-230438 RHEL-08-030360
|
||||||
- name : stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32
|
- name: stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -1005,7 +975,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230438_Manage
|
when: rhel8STIG_stigrule_230438_Manage
|
||||||
# R-230438 RHEL-08-030360
|
# R-230438 RHEL-08-030360
|
||||||
- name : stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64
|
- name: stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -1013,23 +983,23 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230438_Manage
|
when: rhel8STIG_stigrule_230438_Manage
|
||||||
# R-230439 RHEL-08-030361
|
# R-230439 RHEL-08-030361
|
||||||
- name : stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32
|
- name: stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
||||||
line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line }}"
|
line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line }}"
|
||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230439_Manage
|
when: rhel8STIG_stigrule_230439_Manage
|
||||||
# R-230439 RHEL-08-030361
|
# R-230439 RHEL-08-030361
|
||||||
- name : stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64
|
- name: stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
||||||
line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line }}"
|
line: "{{ rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line }}"
|
||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230439_Manage
|
when: rhel8STIG_stigrule_230439_Manage
|
||||||
# R-230444 RHEL-08-030370
|
# R-230444 RHEL-08-030370
|
||||||
- name : stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
|
- name: stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
|
regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
|
||||||
@@ -1037,7 +1007,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230444_Manage
|
when: rhel8STIG_stigrule_230444_Manage
|
||||||
# R-230446 RHEL-08-030390
|
# R-230446 RHEL-08-030390
|
||||||
- name : stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32
|
- name: stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -1045,7 +1015,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230446_Manage
|
when: rhel8STIG_stigrule_230446_Manage
|
||||||
# R-230446 RHEL-08-030390
|
# R-230446 RHEL-08-030390
|
||||||
- name : stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64
|
- name: stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -1053,7 +1023,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230446_Manage
|
when: rhel8STIG_stigrule_230446_Manage
|
||||||
# R-230447 RHEL-08-030400
|
# R-230447 RHEL-08-030400
|
||||||
- name : stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab
|
- name: stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
|
regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
|
||||||
@@ -1061,7 +1031,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230447_Manage
|
when: rhel8STIG_stigrule_230447_Manage
|
||||||
# R-230448 RHEL-08-030410
|
# R-230448 RHEL-08-030410
|
||||||
- name : stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh
|
- name: stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -1069,7 +1039,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230448_Manage
|
when: rhel8STIG_stigrule_230448_Manage
|
||||||
# R-230449 RHEL-08-030420
|
# R-230449 RHEL-08-030420
|
||||||
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
|
- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -1077,7 +1047,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230449_Manage
|
when: rhel8STIG_stigrule_230449_Manage
|
||||||
# R-230449 RHEL-08-030420
|
# R-230449 RHEL-08-030420
|
||||||
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
|
- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -1085,7 +1055,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230449_Manage
|
when: rhel8STIG_stigrule_230449_Manage
|
||||||
# R-230449 RHEL-08-030420
|
# R-230449 RHEL-08-030420
|
||||||
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
|
- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -1093,7 +1063,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230449_Manage
|
when: rhel8STIG_stigrule_230449_Manage
|
||||||
# R-230449 RHEL-08-030420
|
# R-230449 RHEL-08-030420
|
||||||
- name : stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
|
- name: stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -1101,7 +1071,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230449_Manage
|
when: rhel8STIG_stigrule_230449_Manage
|
||||||
# R-230455 RHEL-08-030480
|
# R-230455 RHEL-08-030480
|
||||||
- name : stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32
|
- name: stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -1109,7 +1079,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230455_Manage
|
when: rhel8STIG_stigrule_230455_Manage
|
||||||
# R-230455 RHEL-08-030480
|
# R-230455 RHEL-08-030480
|
||||||
- name : stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64
|
- name: stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -1117,7 +1087,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230455_Manage
|
when: rhel8STIG_stigrule_230455_Manage
|
||||||
# R-230456 RHEL-08-030490
|
# R-230456 RHEL-08-030490
|
||||||
- name : stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32
|
- name: stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -1125,7 +1095,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230456_Manage
|
when: rhel8STIG_stigrule_230456_Manage
|
||||||
# R-230456 RHEL-08-030490
|
# R-230456 RHEL-08-030490
|
||||||
- name : stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64
|
- name: stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -1133,7 +1103,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230456_Manage
|
when: rhel8STIG_stigrule_230456_Manage
|
||||||
# R-230462 RHEL-08-030550
|
# R-230462 RHEL-08-030550
|
||||||
- name : stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo
|
- name: stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -1141,7 +1111,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230462_Manage
|
when: rhel8STIG_stigrule_230462_Manage
|
||||||
# R-230463 RHEL-08-030560
|
# R-230463 RHEL-08-030560
|
||||||
- name : stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod
|
- name: stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
|
regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
|
||||||
@@ -1149,7 +1119,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230463_Manage
|
when: rhel8STIG_stigrule_230463_Manage
|
||||||
# R-230464 RHEL-08-030570
|
# R-230464 RHEL-08-030570
|
||||||
- name : stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl
|
- name: stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -1157,7 +1127,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230464_Manage
|
when: rhel8STIG_stigrule_230464_Manage
|
||||||
# R-230465 RHEL-08-030580
|
# R-230465 RHEL-08-030580
|
||||||
- name : stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod
|
- name: stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
|
regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
|
||||||
@@ -1165,7 +1135,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230465_Manage
|
when: rhel8STIG_stigrule_230465_Manage
|
||||||
# R-230466 RHEL-08-030590
|
# R-230466 RHEL-08-030590
|
||||||
- name : stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock
|
- name: stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /var/log/faillock -p wa -k logins$'
|
regexp: '^-w /var/log/faillock -p wa -k logins$'
|
||||||
@@ -1173,7 +1143,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel8STIG_stigrule_230466_Manage
|
when: rhel8STIG_stigrule_230466_Manage
|
||||||
# R-230467 RHEL-08-030600
|
# R-230467 RHEL-08-030600
|
||||||
- name : stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog
|
- name: stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /var/log/lastlog -p wa -k logins$'
|
regexp: '^-w /var/log/lastlog -p wa -k logins$'
|
||||||
@@ -1296,7 +1266,7 @@
|
|||||||
when: rhel8STIG_stigrule_230505_Manage
|
when: rhel8STIG_stigrule_230505_Manage
|
||||||
# R-230506 RHEL-08-040110
|
# R-230506 RHEL-08-040110
|
||||||
- name: check if wireless network adapters are disabled
|
- name: check if wireless network adapters are disabled
|
||||||
shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
|
shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1337,13 +1307,33 @@
|
|||||||
- rhel8STIG_stigrule_230527_Manage
|
- rhel8STIG_stigrule_230527_Manage
|
||||||
- "'openssh-server' in packages"
|
- "'openssh-server' in packages"
|
||||||
# R-230529 RHEL-08-040170
|
# R-230529 RHEL-08-040170
|
||||||
- name: stigrule_230529_systemctl_mask_ctrl_alt_del_target
|
- name: check if ctrl-alt-del.target is installed
|
||||||
systemd:
|
shell: ! systemctl list-unit-files | grep "^ctrl-alt-del.target[ \t]\+"
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: result
|
||||||
|
failed_when: result.rc > 1
|
||||||
|
- name: stigrule_230529_ctrl_alt_del_target_disable
|
||||||
|
systemd_service:
|
||||||
name: ctrl-alt-del.target
|
name: ctrl-alt-del.target
|
||||||
enabled: no
|
enabled: "{{ rhel8STIG_stigrule_230529_ctrl_alt_del_target_disable_Enabled }}"
|
||||||
masked: yes
|
|
||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_230529_Manage
|
- rhel8STIG_stigrule_230529_Manage
|
||||||
|
- result.rc == 0
|
||||||
|
# R-230529 RHEL-08-040170
|
||||||
|
- name: check if ctrl-alt-del.target is installed
|
||||||
|
shell: ! systemctl list-unit-files | grep "^ctrl-alt-del.target[ \t]\+"
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: result
|
||||||
|
failed_when: result.rc > 1
|
||||||
|
- name: stigrule_230529_ctrl_alt_del_target_mask
|
||||||
|
systemd_service:
|
||||||
|
name: ctrl-alt-del.target
|
||||||
|
masked: "{{ rhel8STIG_stigrule_230529_ctrl_alt_del_target_mask_Masked }}"
|
||||||
|
when:
|
||||||
|
- rhel8STIG_stigrule_230529_Manage
|
||||||
|
- result.rc == 0
|
||||||
# R-230531 RHEL-08-040172
|
# R-230531 RHEL-08-040172
|
||||||
- name: stigrule_230531__etc_systemd_system_conf
|
- name: stigrule_230531__etc_systemd_system_conf
|
||||||
ini_file:
|
ini_file:
|
||||||
@@ -1364,7 +1354,7 @@
|
|||||||
when: rhel8STIG_stigrule_230533_Manage
|
when: rhel8STIG_stigrule_230533_Manage
|
||||||
# R-230535 RHEL-08-040210
|
# R-230535 RHEL-08-040210
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1392,7 +1382,7 @@
|
|||||||
- rhel8STIG_stigrule_230537_Manage
|
- rhel8STIG_stigrule_230537_Manage
|
||||||
# R-230538 RHEL-08-040240
|
# R-230538 RHEL-08-040240
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1406,7 +1396,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-230539 RHEL-08-040250
|
# R-230539 RHEL-08-040250
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1427,7 +1417,7 @@
|
|||||||
- rhel8STIG_stigrule_230540_Manage
|
- rhel8STIG_stigrule_230540_Manage
|
||||||
# R-230540 RHEL-08-040260
|
# R-230540 RHEL-08-040260
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1441,7 +1431,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-230541 RHEL-08-040261
|
# R-230541 RHEL-08-040261
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1455,7 +1445,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-230542 RHEL-08-040262
|
# R-230542 RHEL-08-040262
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1476,7 +1466,7 @@
|
|||||||
- rhel8STIG_stigrule_230543_Manage
|
- rhel8STIG_stigrule_230543_Manage
|
||||||
# R-230544 RHEL-08-040280
|
# R-230544 RHEL-08-040280
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1623,6 +1613,16 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_244525_Manage
|
- rhel8STIG_stigrule_244525_Manage
|
||||||
- "'openssh-server' in packages"
|
- "'openssh-server' in packages"
|
||||||
|
# R-244526 RHEL-08-010287
|
||||||
|
- name: stigrule_244526__etc_sysconfig_sshd
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sysconfig/sshd
|
||||||
|
regexp: '^# CRYPTO_POLICY='
|
||||||
|
line: "{{ rhel8STIG_stigrule_244526__etc_sysconfig_sshd_Line }}"
|
||||||
|
create: yes
|
||||||
|
notify: do_reboot
|
||||||
|
when:
|
||||||
|
- rhel8STIG_stigrule_244526_Manage
|
||||||
# R-244527 RHEL-08-010472
|
# R-244527 RHEL-08-010472
|
||||||
- name: stigrule_244527_rng_tools
|
- name: stigrule_244527_rng_tools
|
||||||
yum:
|
yum:
|
||||||
@@ -1663,18 +1663,13 @@
|
|||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_244536_Manage
|
- rhel8STIG_stigrule_244536_Manage
|
||||||
- "'dconf' in packages"
|
- "'dconf' in packages"
|
||||||
# R-244537 RHEL-08-020039
|
|
||||||
- name: stigrule_244537_tmux
|
|
||||||
yum:
|
|
||||||
name: tmux
|
|
||||||
state: "{{ rhel8STIG_stigrule_244537_tmux_State }}"
|
|
||||||
when: rhel8STIG_stigrule_244537_Manage
|
|
||||||
# R-244538 RHEL-08-020081
|
# R-244538 RHEL-08-020081
|
||||||
- name: stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay
|
- name: stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/dconf/db/local.d/locks/session
|
path: /etc/dconf/db/local.d/locks/session
|
||||||
line: "{{ rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line }}"
|
line: "{{ rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line }}"
|
||||||
create: yes
|
create: yes
|
||||||
|
notify: dconf_update
|
||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_244538_Manage
|
- rhel8STIG_stigrule_244538_Manage
|
||||||
# R-244539 RHEL-08-020082
|
# R-244539 RHEL-08-020082
|
||||||
@@ -1683,6 +1678,7 @@
|
|||||||
path: /etc/dconf/db/local.d/locks/session
|
path: /etc/dconf/db/local.d/locks/session
|
||||||
line: "{{ rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line }}"
|
line: "{{ rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line }}"
|
||||||
create: yes
|
create: yes
|
||||||
|
notify: dconf_update
|
||||||
when:
|
when:
|
||||||
- rhel8STIG_stigrule_244539_Manage
|
- rhel8STIG_stigrule_244539_Manage
|
||||||
# R-244542 RHEL-08-030181
|
# R-244542 RHEL-08-030181
|
||||||
|
|||||||
@@ -159,7 +159,7 @@ rhel9STIG_stigrule_257834_Manage: True
|
|||||||
rhel9STIG_stigrule_257834_tuned_State: removed
|
rhel9STIG_stigrule_257834_tuned_State: removed
|
||||||
# R-257835 RHEL-09-215060
|
# R-257835 RHEL-09-215060
|
||||||
rhel9STIG_stigrule_257835_Manage: True
|
rhel9STIG_stigrule_257835_Manage: True
|
||||||
rhel9STIG_stigrule_257835_tftp_State: removed
|
rhel9STIG_stigrule_257835_tftp_server_State: removed
|
||||||
# R-257836 RHEL-09-215065
|
# R-257836 RHEL-09-215065
|
||||||
rhel9STIG_stigrule_257836_Manage: True
|
rhel9STIG_stigrule_257836_Manage: True
|
||||||
rhel9STIG_stigrule_257836_quagga_State: removed
|
rhel9STIG_stigrule_257836_quagga_State: removed
|
||||||
@@ -302,10 +302,6 @@ rhel9STIG_stigrule_257916__var_log_messages_owner_Owner: root
|
|||||||
rhel9STIG_stigrule_257917_Manage: True
|
rhel9STIG_stigrule_257917_Manage: True
|
||||||
rhel9STIG_stigrule_257917__var_log_messages_group_owner_Dest: /var/log/messages
|
rhel9STIG_stigrule_257917__var_log_messages_group_owner_Dest: /var/log/messages
|
||||||
rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group: root
|
rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group: root
|
||||||
# R-257933 RHEL-09-232265
|
|
||||||
rhel9STIG_stigrule_257933_Manage: True
|
|
||||||
rhel9STIG_stigrule_257933__etc_crontab_mode_Dest: /etc/crontab
|
|
||||||
rhel9STIG_stigrule_257933__etc_crontab_mode_Mode: '0600'
|
|
||||||
# R-257934 RHEL-09-232270
|
# R-257934 RHEL-09-232270
|
||||||
rhel9STIG_stigrule_257934_Manage: True
|
rhel9STIG_stigrule_257934_Manage: True
|
||||||
rhel9STIG_stigrule_257934__etc_shadow_mode_Dest: /etc/shadow
|
rhel9STIG_stigrule_257934__etc_shadow_mode_Dest: /etc/shadow
|
||||||
@@ -455,9 +451,6 @@ rhel9STIG_stigrule_257985_PermitRootLogin_Line: PermitRootLogin no
|
|||||||
# R-257986 RHEL-09-255050
|
# R-257986 RHEL-09-255050
|
||||||
rhel9STIG_stigrule_257986_Manage: True
|
rhel9STIG_stigrule_257986_Manage: True
|
||||||
rhel9STIG_stigrule_257986_UsePAM_Line: UsePAM yes
|
rhel9STIG_stigrule_257986_UsePAM_Line: UsePAM yes
|
||||||
# R-257989 RHEL-09-255065
|
|
||||||
rhel9STIG_stigrule_257989_Manage: True
|
|
||||||
rhel9STIG_stigrule_257989__etc_crypto_policies_back_ends_openssh_config_Line: 'Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr'
|
|
||||||
# R-257992 RHEL-09-255080
|
# R-257992 RHEL-09-255080
|
||||||
rhel9STIG_stigrule_257992_Manage: True
|
rhel9STIG_stigrule_257992_Manage: True
|
||||||
rhel9STIG_stigrule_257992_HostbasedAuthentication_Line: HostbasedAuthentication no
|
rhel9STIG_stigrule_257992_HostbasedAuthentication_Line: HostbasedAuthentication no
|
||||||
@@ -509,9 +502,6 @@ rhel9STIG_stigrule_258008_StrictModes_Line: StrictModes yes
|
|||||||
# R-258009 RHEL-09-255165
|
# R-258009 RHEL-09-255165
|
||||||
rhel9STIG_stigrule_258009_Manage: True
|
rhel9STIG_stigrule_258009_Manage: True
|
||||||
rhel9STIG_stigrule_258009_PrintLastLog_Line: PrintLastLog yes
|
rhel9STIG_stigrule_258009_PrintLastLog_Line: PrintLastLog yes
|
||||||
# R-258010 RHEL-09-255170
|
|
||||||
rhel9STIG_stigrule_258010_Manage: True
|
|
||||||
rhel9STIG_stigrule_258010_UsePrivilegeSeparation_Line: UsePrivilegeSeparation sandbox
|
|
||||||
# R-258011 RHEL-09-255175
|
# R-258011 RHEL-09-255175
|
||||||
rhel9STIG_stigrule_258011_Manage: True
|
rhel9STIG_stigrule_258011_Manage: True
|
||||||
rhel9STIG_stigrule_258011_X11UseLocalhost_Line: X11UseLocalhost yes
|
rhel9STIG_stigrule_258011_X11UseLocalhost_Line: X11UseLocalhost yes
|
||||||
@@ -560,10 +550,9 @@ rhel9STIG_stigrule_258026__etc_dconf_db_local_d_locks_session_lock_delay_Line: '
|
|||||||
# R-258027 RHEL-09-271085
|
# R-258027 RHEL-09-271085
|
||||||
rhel9STIG_stigrule_258027_Manage: True
|
rhel9STIG_stigrule_258027_Manage: True
|
||||||
rhel9STIG_stigrule_258027__etc_dconf_db_local_d_00_security_settings_Value: "''"
|
rhel9STIG_stigrule_258027__etc_dconf_db_local_d_00_security_settings_Value: "''"
|
||||||
|
# R-258027 RHEL-09-271085
|
||||||
|
rhel9STIG_stigrule_258027_Manage: True
|
||||||
rhel9STIG_stigrule_258027__etc_dconf_db_local_d_locks_00_security_settings_lock_picture_uri_Line: '/org/gnome/desktop/screensaver/picture-uri'
|
rhel9STIG_stigrule_258027__etc_dconf_db_local_d_locks_00_security_settings_lock_picture_uri_Line: '/org/gnome/desktop/screensaver/picture-uri'
|
||||||
# R-258029 RHEL-09-271095
|
|
||||||
rhel9STIG_stigrule_258029_Manage: True
|
|
||||||
rhel9STIG_stigrule_258029__etc_dconf_db_local_d_00_security_settings_Value: "'true'"
|
|
||||||
# R-258030 RHEL-09-271100
|
# R-258030 RHEL-09-271100
|
||||||
rhel9STIG_stigrule_258030_Manage: True
|
rhel9STIG_stigrule_258030_Manage: True
|
||||||
rhel9STIG_stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons_Line: '/org/gnome/login-screen/disable-restart-buttons'
|
rhel9STIG_stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons_Line: '/org/gnome/login-screen/disable-restart-buttons'
|
||||||
@@ -583,6 +572,8 @@ rhel9STIG_stigrule_258034__etc_modprobe_d_usb_storage_conf_blacklist_usb_storage
|
|||||||
# R-258035 RHEL-09-291015
|
# R-258035 RHEL-09-291015
|
||||||
rhel9STIG_stigrule_258035_Manage: True
|
rhel9STIG_stigrule_258035_Manage: True
|
||||||
rhel9STIG_stigrule_258035_usbguard_State: installed
|
rhel9STIG_stigrule_258035_usbguard_State: installed
|
||||||
|
rhel9STIG_stigrule_258035_usbguard_enable_Enabled: yes
|
||||||
|
rhel9STIG_stigrule_258035_usbguard_start_State: started
|
||||||
# R-258036 RHEL-09-291020
|
# R-258036 RHEL-09-291020
|
||||||
rhel9STIG_stigrule_258036_Manage: True
|
rhel9STIG_stigrule_258036_Manage: True
|
||||||
rhel9STIG_stigrule_258036_usbguard_enable_Enabled: yes
|
rhel9STIG_stigrule_258036_usbguard_enable_Enabled: yes
|
||||||
@@ -621,12 +612,6 @@ rhel9STIG_stigrule_258057__etc_security_faillock_conf_Line: 'unlock_time = 0'
|
|||||||
# R-258060 RHEL-09-411105
|
# R-258060 RHEL-09-411105
|
||||||
rhel9STIG_stigrule_258060_Manage: True
|
rhel9STIG_stigrule_258060_Manage: True
|
||||||
rhel9STIG_stigrule_258060__etc_security_faillock_conf_Line: 'dir = /var/log/faillock'
|
rhel9STIG_stigrule_258060__etc_security_faillock_conf_Line: 'dir = /var/log/faillock'
|
||||||
# R-258063 RHEL-09-412010
|
|
||||||
rhel9STIG_stigrule_258063_Manage: True
|
|
||||||
rhel9STIG_stigrule_258063_tmux_State: installed
|
|
||||||
# R-258066 RHEL-09-412025
|
|
||||||
rhel9STIG_stigrule_258066_Manage: True
|
|
||||||
rhel9STIG_stigrule_258066__etc_tmux_conf_Line: 'set -g lock-after-time 900'
|
|
||||||
# R-258069 RHEL-09-412040
|
# R-258069 RHEL-09-412040
|
||||||
rhel9STIG_stigrule_258069_Manage: True
|
rhel9STIG_stigrule_258069_Manage: True
|
||||||
rhel9STIG_stigrule_258069__etc_security_limits_conf_Line: '* hard maxlogins 10'
|
rhel9STIG_stigrule_258069__etc_security_limits_conf_Line: '* hard maxlogins 10'
|
||||||
@@ -688,9 +673,6 @@ rhel9STIG_stigrule_258104__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
|
|||||||
# R-258107 RHEL-09-611090
|
# R-258107 RHEL-09-611090
|
||||||
rhel9STIG_stigrule_258107_Manage: True
|
rhel9STIG_stigrule_258107_Manage: True
|
||||||
rhel9STIG_stigrule_258107__etc_security_pwquality_conf_Line: 'minlen = 15'
|
rhel9STIG_stigrule_258107__etc_security_pwquality_conf_Line: 'minlen = 15'
|
||||||
# R-258108 RHEL-09-611095
|
|
||||||
rhel9STIG_stigrule_258108_Manage: True
|
|
||||||
rhel9STIG_stigrule_258108__etc_login_defs_Line: 'PASS_MIN_LEN 15'
|
|
||||||
# R-258109 RHEL-09-611100
|
# R-258109 RHEL-09-611100
|
||||||
rhel9STIG_stigrule_258109_Manage: True
|
rhel9STIG_stigrule_258109_Manage: True
|
||||||
rhel9STIG_stigrule_258109__etc_security_pwquality_conf_Line: 'ocredit = -1'
|
rhel9STIG_stigrule_258109__etc_security_pwquality_conf_Line: 'ocredit = -1'
|
||||||
@@ -718,9 +700,6 @@ rhel9STIG_stigrule_258116__etc_libuser_conf_Value: 'sha512'
|
|||||||
# R-258117 RHEL-09-611140
|
# R-258117 RHEL-09-611140
|
||||||
rhel9STIG_stigrule_258117_Manage: True
|
rhel9STIG_stigrule_258117_Manage: True
|
||||||
rhel9STIG_stigrule_258117__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
|
rhel9STIG_stigrule_258117__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
|
||||||
# R-258119 RHEL-09-611150
|
|
||||||
rhel9STIG_stigrule_258119_Manage: True
|
|
||||||
rhel9STIG_stigrule_258119__etc_login_defs_Line: 'SHA_CRYPT_MIN_ROUNDS 5000'
|
|
||||||
# R-258121 RHEL-09-611160
|
# R-258121 RHEL-09-611160
|
||||||
rhel9STIG_stigrule_258121_Manage: True
|
rhel9STIG_stigrule_258121_Manage: True
|
||||||
rhel9STIG_stigrule_258121__etc_opensc_conf_Line: 'card_drivers = cac;'
|
rhel9STIG_stigrule_258121__etc_opensc_conf_Line: 'card_drivers = cac;'
|
||||||
@@ -759,9 +738,6 @@ rhel9STIG_stigrule_258142_rsyslog_start_State: started
|
|||||||
# R-258144 RHEL-09-652030
|
# R-258144 RHEL-09-652030
|
||||||
rhel9STIG_stigrule_258144_Manage: True
|
rhel9STIG_stigrule_258144_Manage: True
|
||||||
rhel9STIG_stigrule_258144__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.* /var/log/secure'
|
rhel9STIG_stigrule_258144__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.* /var/log/secure'
|
||||||
# R-258145 RHEL-09-652035
|
|
||||||
rhel9STIG_stigrule_258145_Manage: True
|
|
||||||
rhel9STIG_stigrule_258145__etc_audit_plugins_d_syslog_conf_Line: 'active = yes'
|
|
||||||
# R-258146 RHEL-09-652040
|
# R-258146 RHEL-09-652040
|
||||||
rhel9STIG_stigrule_258146_Manage: True
|
rhel9STIG_stigrule_258146_Manage: True
|
||||||
rhel9STIG_stigrule_258146__etc_rsyslog_conf_Line: '$ActionSendStreamDriverAuthMode x509/name'
|
rhel9STIG_stigrule_258146__etc_rsyslog_conf_Line: '$ActionSendStreamDriverAuthMode x509/name'
|
||||||
@@ -1000,12 +976,9 @@ rhel9STIG_stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable_Line
|
|||||||
# R-258229 RHEL-09-654275
|
# R-258229 RHEL-09-654275
|
||||||
rhel9STIG_stigrule_258229_Manage: True
|
rhel9STIG_stigrule_258229_Manage: True
|
||||||
rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
|
rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
|
||||||
# R-258234 RHEL-09-672010
|
# R-258234 RHEL-09-215100
|
||||||
rhel9STIG_stigrule_258234_Manage: True
|
rhel9STIG_stigrule_258234_Manage: True
|
||||||
rhel9STIG_stigrule_258234_crypto_policies_State: installed
|
rhel9STIG_stigrule_258234_crypto_policies_State: installed
|
||||||
# R-258239 RHEL-09-672035
|
# R-272488 RHEL-09-215101
|
||||||
rhel9STIG_stigrule_258239_Manage: True
|
rhel9STIG_stigrule_272488_Manage: True
|
||||||
rhel9STIG_stigrule_258239__etc_pki_tls_openssl_cnf_Line: '.include = /etc/crypto-policies/back-ends/opensslcnf.config'
|
rhel9STIG_stigrule_272488_postfix_State: installed
|
||||||
# R-258240 RHEL-09-672040
|
|
||||||
rhel9STIG_stigrule_258240_Manage: True
|
|
||||||
rhel9STIG_stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'TLS.MinProtocol = TLSv1.2'
|
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
@@ -56,7 +56,7 @@
|
|||||||
- name: stigrule_257785_ctrl_alt_del_target_disable
|
- name: stigrule_257785_ctrl_alt_del_target_disable
|
||||||
systemd_service:
|
systemd_service:
|
||||||
name: ctrl-alt-del.target
|
name: ctrl-alt-del.target
|
||||||
enabled : "{{ rhel9STIG_stigrule_257785_ctrl_alt_del_target_disable_Enabled }}"
|
enabled: "{{ rhel9STIG_stigrule_257785_ctrl_alt_del_target_disable_Enabled }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257785_Manage
|
- rhel9STIG_stigrule_257785_Manage
|
||||||
- result.rc == 0
|
- result.rc == 0
|
||||||
@@ -84,7 +84,7 @@
|
|||||||
- name: stigrule_257786_debug_shell_service_disable
|
- name: stigrule_257786_debug_shell_service_disable
|
||||||
systemd_service:
|
systemd_service:
|
||||||
name: debug-shell.service
|
name: debug-shell.service
|
||||||
enabled : "{{ rhel9STIG_stigrule_257786_debug_shell_service_disable_Enabled }}"
|
enabled: "{{ rhel9STIG_stigrule_257786_debug_shell_service_disable_Enabled }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257786_Manage
|
- rhel9STIG_stigrule_257786_Manage
|
||||||
- result.rc == 0
|
- result.rc == 0
|
||||||
@@ -333,7 +333,7 @@
|
|||||||
- name: stigrule_257815_systemd_coredump_socket_disable
|
- name: stigrule_257815_systemd_coredump_socket_disable
|
||||||
systemd_service:
|
systemd_service:
|
||||||
name: systemd-coredump.socket
|
name: systemd-coredump.socket
|
||||||
enabled : "{{ rhel9STIG_stigrule_257815_systemd_coredump_socket_disable_Enabled }}"
|
enabled: "{{ rhel9STIG_stigrule_257815_systemd_coredump_socket_disable_Enabled }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257815_Manage
|
- rhel9STIG_stigrule_257815_Manage
|
||||||
- result.rc == 0
|
- result.rc == 0
|
||||||
@@ -371,7 +371,7 @@
|
|||||||
- name: stigrule_257818_kdump_disable
|
- name: stigrule_257818_kdump_disable
|
||||||
systemd_service:
|
systemd_service:
|
||||||
name: kdump.service
|
name: kdump.service
|
||||||
enabled : "{{ rhel9STIG_stigrule_257818_kdump_disable_Enabled }}"
|
enabled: "{{ rhel9STIG_stigrule_257818_kdump_disable_Enabled }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257818_Manage
|
- rhel9STIG_stigrule_257818_Manage
|
||||||
- result.rc == 0
|
- result.rc == 0
|
||||||
@@ -474,10 +474,10 @@
|
|||||||
state: "{{ rhel9STIG_stigrule_257834_tuned_State }}"
|
state: "{{ rhel9STIG_stigrule_257834_tuned_State }}"
|
||||||
when: rhel9STIG_stigrule_257834_Manage
|
when: rhel9STIG_stigrule_257834_Manage
|
||||||
# R-257835 RHEL-09-215060
|
# R-257835 RHEL-09-215060
|
||||||
- name: stigrule_257835_tftp
|
- name: stigrule_257835_tftp_server
|
||||||
yum:
|
yum:
|
||||||
name: tftp
|
name: tftp-server
|
||||||
state: "{{ rhel9STIG_stigrule_257835_tftp_State }}"
|
state: "{{ rhel9STIG_stigrule_257835_tftp_server_State }}"
|
||||||
when: rhel9STIG_stigrule_257835_Manage
|
when: rhel9STIG_stigrule_257835_Manage
|
||||||
# R-257836 RHEL-09-215065
|
# R-257836 RHEL-09-215065
|
||||||
- name: stigrule_257836_quagga
|
- name: stigrule_257836_quagga
|
||||||
@@ -525,7 +525,7 @@
|
|||||||
- name: stigrule_257849_autofs_service_disable
|
- name: stigrule_257849_autofs_service_disable
|
||||||
systemd_service:
|
systemd_service:
|
||||||
name: autofs.service
|
name: autofs.service
|
||||||
enabled : "{{ rhel9STIG_stigrule_257849_autofs_service_disable_Enabled }}"
|
enabled: "{{ rhel9STIG_stigrule_257849_autofs_service_disable_Enabled }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257849_Manage
|
- rhel9STIG_stigrule_257849_Manage
|
||||||
- result.rc == 0
|
- result.rc == 0
|
||||||
@@ -764,13 +764,6 @@
|
|||||||
group: "{{ rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group }}"
|
group: "{{ rhel9STIG_stigrule_257917__var_log_messages_group_owner_Group }}"
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257917_Manage
|
- rhel9STIG_stigrule_257917_Manage
|
||||||
# R-257933 RHEL-09-232265
|
|
||||||
- name: stigrule_257933__etc_crontab_mode
|
|
||||||
file:
|
|
||||||
dest: "{{ rhel9STIG_stigrule_257933__etc_crontab_mode_Dest }}"
|
|
||||||
mode: "{{ rhel9STIG_stigrule_257933__etc_crontab_mode_Mode }}"
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_257933_Manage
|
|
||||||
# R-257934 RHEL-09-232270
|
# R-257934 RHEL-09-232270
|
||||||
- name: stigrule_257934__etc_shadow_mode
|
- name: stigrule_257934__etc_shadow_mode
|
||||||
file:
|
file:
|
||||||
@@ -1027,7 +1020,7 @@
|
|||||||
- rhel9STIG_stigrule_257970_Manage
|
- rhel9STIG_stigrule_257970_Manage
|
||||||
# R-257971 RHEL-09-254010
|
# R-257971 RHEL-09-254010
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1043,7 +1036,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257972 RHEL-09-254015
|
# R-257972 RHEL-09-254015
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1059,7 +1052,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257973 RHEL-09-254020
|
# R-257973 RHEL-09-254020
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1075,7 +1068,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257974 RHEL-09-254025
|
# R-257974 RHEL-09-254025
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1091,7 +1084,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257975 RHEL-09-254030
|
# R-257975 RHEL-09-254030
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1107,7 +1100,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257976 RHEL-09-254035
|
# R-257976 RHEL-09-254035
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1123,7 +1116,7 @@
|
|||||||
- cmd_result.rc == 0
|
- cmd_result.rc == 0
|
||||||
# R-257977 RHEL-09-254040
|
# R-257977 RHEL-09-254040
|
||||||
- name: check if ipv6 is enabled
|
- name: check if ipv6 is enabled
|
||||||
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
shell: "[[ $(cat /sys/module/ipv6/parameters/disable) == '0' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1237,16 +1230,6 @@
|
|||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_257986_Manage
|
- rhel9STIG_stigrule_257986_Manage
|
||||||
- "'openssh-server' in packages"
|
- "'openssh-server' in packages"
|
||||||
# R-257989 RHEL-09-255065
|
|
||||||
- name: stigrule_257989__etc_crypto_policies_back_ends_openssh_config
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/crypto-policies/back-ends/openssh.config
|
|
||||||
regexp: '^\s*Ciphers\s+\S+\s*$'
|
|
||||||
line: "{{ rhel9STIG_stigrule_257989__etc_crypto_policies_back_ends_openssh_config_Line }}"
|
|
||||||
create: yes
|
|
||||||
notify: do_reboot
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_257989_Manage
|
|
||||||
# R-257992 RHEL-09-255080
|
# R-257992 RHEL-09-255080
|
||||||
- name: stigrule_257992_HostbasedAuthentication
|
- name: stigrule_257992_HostbasedAuthentication
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -1398,16 +1381,6 @@
|
|||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258009_Manage
|
- rhel9STIG_stigrule_258009_Manage
|
||||||
- "'openssh-server' in packages"
|
- "'openssh-server' in packages"
|
||||||
# R-258010 RHEL-09-255170
|
|
||||||
- name: stigrule_258010_UsePrivilegeSeparation
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
regexp: '(?i)^\s*UsePrivilegeSeparation\s+'
|
|
||||||
line: "{{ rhel9STIG_stigrule_258010_UsePrivilegeSeparation_Line }}"
|
|
||||||
notify: ssh_restart
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258010_Manage
|
|
||||||
- "'openssh-server' in packages"
|
|
||||||
# R-258011 RHEL-09-255175
|
# R-258011 RHEL-09-255175
|
||||||
- name: stigrule_258011_X11UseLocalhost
|
- name: stigrule_258011_X11UseLocalhost
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -1594,18 +1567,6 @@
|
|||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258027_Manage
|
- rhel9STIG_stigrule_258027_Manage
|
||||||
- "'dconf' in packages"
|
- "'dconf' in packages"
|
||||||
# R-258029 RHEL-09-271095
|
|
||||||
- name: stigrule_258029__etc_dconf_db_local_d_00_security_settings
|
|
||||||
ini_file:
|
|
||||||
path: /etc/dconf/db/local.d/00-security-settings
|
|
||||||
section: org/gnome/login-screen
|
|
||||||
option: disable-restart-buttons
|
|
||||||
value: "{{ rhel9STIG_stigrule_258029__etc_dconf_db_local_d_00_security_settings_Value }}"
|
|
||||||
no_extra_spaces: yes
|
|
||||||
notify: dconf_update
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258029_Manage
|
|
||||||
- "'dconf' in packages"
|
|
||||||
# R-258030 RHEL-09-271100
|
# R-258030 RHEL-09-271100
|
||||||
- name: stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons
|
- name: stigrule_258030__etc_dconf_db_local_d_locks_session_disable_restart_buttons
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -1674,6 +1635,34 @@
|
|||||||
name: usbguard
|
name: usbguard
|
||||||
state: "{{ rhel9STIG_stigrule_258035_usbguard_State }}"
|
state: "{{ rhel9STIG_stigrule_258035_usbguard_State }}"
|
||||||
when: rhel9STIG_stigrule_258035_Manage
|
when: rhel9STIG_stigrule_258035_Manage
|
||||||
|
# R-258035 RHEL-09-291015
|
||||||
|
- name: check if usbguard.service is installed
|
||||||
|
shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: result
|
||||||
|
failed_when: result.rc > 1
|
||||||
|
- name: stigrule_258035_usbguard_enable
|
||||||
|
service:
|
||||||
|
name: usbguard.service
|
||||||
|
enabled: "{{ rhel9STIG_stigrule_258035_usbguard_enable_Enabled }}"
|
||||||
|
when:
|
||||||
|
- rhel9STIG_stigrule_258035_Manage
|
||||||
|
- result.rc == 0
|
||||||
|
# R-258035 RHEL-09-291015
|
||||||
|
- name: check if usbguard.service is installed
|
||||||
|
shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: result
|
||||||
|
failed_when: result.rc > 1
|
||||||
|
- name: stigrule_258035_usbguard_start
|
||||||
|
service:
|
||||||
|
name: usbguard.service
|
||||||
|
state: "{{ rhel9STIG_stigrule_258035_usbguard_start_State }}"
|
||||||
|
when:
|
||||||
|
- rhel9STIG_stigrule_258035_Manage
|
||||||
|
- result.rc == 0
|
||||||
# R-258036 RHEL-09-291020
|
# R-258036 RHEL-09-291020
|
||||||
- name: check if usbguard.service is installed
|
- name: check if usbguard.service is installed
|
||||||
shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
|
shell: ! systemctl list-unit-files | grep "^usbguard.service[ \t]\+"
|
||||||
@@ -1731,7 +1720,7 @@
|
|||||||
- rhel9STIG_stigrule_258039_Manage
|
- rhel9STIG_stigrule_258039_Manage
|
||||||
# R-258040 RHEL-09-291040
|
# R-258040 RHEL-09-291040
|
||||||
- name: check if wireless network adapters are disabled
|
- name: check if wireless network adapters are disabled
|
||||||
shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
|
shell: "[[ $(nmcli radio wifi) == 'enabled' ]]"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: cmd_result
|
register: cmd_result
|
||||||
@@ -1821,20 +1810,6 @@
|
|||||||
notify: with_faillock_enable
|
notify: with_faillock_enable
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258060_Manage
|
- rhel9STIG_stigrule_258060_Manage
|
||||||
# R-258063 RHEL-09-412010
|
|
||||||
- name: stigrule_258063_tmux
|
|
||||||
yum:
|
|
||||||
name: tmux
|
|
||||||
state: "{{ rhel9STIG_stigrule_258063_tmux_State }}"
|
|
||||||
when: rhel9STIG_stigrule_258063_Manage
|
|
||||||
# R-258066 RHEL-09-412025
|
|
||||||
- name: stigrule_258066__etc_tmux_conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/tmux.conf
|
|
||||||
line: "{{ rhel9STIG_stigrule_258066__etc_tmux_conf_Line }}"
|
|
||||||
create: yes
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258066_Manage
|
|
||||||
# R-258069 RHEL-09-412040
|
# R-258069 RHEL-09-412040
|
||||||
- name: stigrule_258069__etc_security_limits_conf
|
- name: stigrule_258069__etc_security_limits_conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -2025,15 +2000,6 @@
|
|||||||
create: yes
|
create: yes
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258107_Manage
|
- rhel9STIG_stigrule_258107_Manage
|
||||||
# R-258108 RHEL-09-611095
|
|
||||||
- name: stigrule_258108__etc_login_defs
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/login.defs
|
|
||||||
regexp: '^PASS_MIN_LEN'
|
|
||||||
line: "{{ rhel9STIG_stigrule_258108__etc_login_defs_Line }}"
|
|
||||||
create: yes
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258108_Manage
|
|
||||||
# R-258109 RHEL-09-611100
|
# R-258109 RHEL-09-611100
|
||||||
- name: stigrule_258109__etc_security_pwquality_conf
|
- name: stigrule_258109__etc_security_pwquality_conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -2116,15 +2082,6 @@
|
|||||||
create: yes
|
create: yes
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258117_Manage
|
- rhel9STIG_stigrule_258117_Manage
|
||||||
# R-258119 RHEL-09-611150
|
|
||||||
- name: stigrule_258119__etc_login_defs
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/login.defs
|
|
||||||
regexp: '^SHA_CRYPT_MIN_ROUNDS'
|
|
||||||
line: "{{ rhel9STIG_stigrule_258119__etc_login_defs_Line }}"
|
|
||||||
create: yes
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258119_Manage
|
|
||||||
# R-258121 RHEL-09-611160
|
# R-258121 RHEL-09-611160
|
||||||
- name: stigrule_258121__etc_opensc_conf
|
- name: stigrule_258121__etc_opensc_conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -2264,16 +2221,6 @@
|
|||||||
notify: rsyslog_restart
|
notify: rsyslog_restart
|
||||||
when:
|
when:
|
||||||
- rhel9STIG_stigrule_258144_Manage
|
- rhel9STIG_stigrule_258144_Manage
|
||||||
# R-258145 RHEL-09-652035
|
|
||||||
- name: stigrule_258145__etc_audit_plugins_d_syslog_conf
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/audit/plugins.d/syslog.conf
|
|
||||||
regexp: '^\s*active\s*='
|
|
||||||
line: "{{ rhel9STIG_stigrule_258145__etc_audit_plugins_d_syslog_conf_Line }}"
|
|
||||||
create: yes
|
|
||||||
notify: auditd_restart
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258145_Manage
|
|
||||||
# R-258146 RHEL-09-652040
|
# R-258146 RHEL-09-652040
|
||||||
- name: stigrule_258146__etc_rsyslog_conf
|
- name: stigrule_258146__etc_rsyslog_conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@@ -2502,7 +2449,7 @@
|
|||||||
state: "{{ rhel9STIG_stigrule_258175_audispd_plugins_State }}"
|
state: "{{ rhel9STIG_stigrule_258175_audispd_plugins_State }}"
|
||||||
when: rhel9STIG_stigrule_258175_Manage
|
when: rhel9STIG_stigrule_258175_Manage
|
||||||
# R-258176 RHEL-09-654010
|
# R-258176 RHEL-09-654010
|
||||||
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b32
|
- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
||||||
@@ -2510,7 +2457,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258176_Manage
|
when: rhel9STIG_stigrule_258176_Manage
|
||||||
# R-258176 RHEL-09-654010
|
# R-258176 RHEL-09-654010
|
||||||
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b64
|
- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_euid_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv$'
|
||||||
@@ -2518,7 +2465,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258176_Manage
|
when: rhel9STIG_stigrule_258176_Manage
|
||||||
# R-258176 RHEL-09-654010
|
# R-258176 RHEL-09-654010
|
||||||
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b32
|
- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
||||||
@@ -2526,7 +2473,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258176_Manage
|
when: rhel9STIG_stigrule_258176_Manage
|
||||||
# R-258176 RHEL-09-654010
|
# R-258176 RHEL-09-654010
|
||||||
- name : stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b64
|
- name: stigrule_258176__etc_audit_rules_d_audit_rules_execve_egid_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
regexp: '^-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv$'
|
||||||
@@ -2534,7 +2481,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258176_Manage
|
when: rhel9STIG_stigrule_258176_Manage
|
||||||
# R-258177 RHEL-09-654015
|
# R-258177 RHEL-09-654015
|
||||||
- name : stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b32
|
- name: stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2542,7 +2489,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258177_Manage
|
when: rhel9STIG_stigrule_258177_Manage
|
||||||
# R-258177 RHEL-09-654015
|
# R-258177 RHEL-09-654015
|
||||||
- name : stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b64
|
- name: stigrule_258177__etc_audit_rules_d_audit_rules_chmod_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2550,7 +2497,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258177_Manage
|
when: rhel9STIG_stigrule_258177_Manage
|
||||||
# R-258178 RHEL-09-654020
|
# R-258178 RHEL-09-654020
|
||||||
- name : stigrule_258178__etc_audit_rules_d_audit_rules_chown_b32
|
- name: stigrule_258178__etc_audit_rules_d_audit_rules_chown_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2558,7 +2505,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258178_Manage
|
when: rhel9STIG_stigrule_258178_Manage
|
||||||
# R-258178 RHEL-09-654020
|
# R-258178 RHEL-09-654020
|
||||||
- name : stigrule_258178__etc_audit_rules_d_audit_rules_chown_b64
|
- name: stigrule_258178__etc_audit_rules_d_audit_rules_chown_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2566,7 +2513,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258178_Manage
|
when: rhel9STIG_stigrule_258178_Manage
|
||||||
# R-258179 RHEL-09-654025
|
# R-258179 RHEL-09-654025
|
||||||
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
|
- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2574,7 +2521,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258179_Manage
|
when: rhel9STIG_stigrule_258179_Manage
|
||||||
# R-258179 RHEL-09-654025
|
# R-258179 RHEL-09-654025
|
||||||
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
|
- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2582,7 +2529,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258179_Manage
|
when: rhel9STIG_stigrule_258179_Manage
|
||||||
# R-258179 RHEL-09-654025
|
# R-258179 RHEL-09-654025
|
||||||
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32
|
- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
||||||
@@ -2590,7 +2537,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258179_Manage
|
when: rhel9STIG_stigrule_258179_Manage
|
||||||
# R-258179 RHEL-09-654025
|
# R-258179 RHEL-09-654025
|
||||||
- name : stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64
|
- name: stigrule_258179__etc_audit_rules_d_audit_rules_lremovexattr_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
regexp: '^-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod$'
|
||||||
@@ -2598,7 +2545,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258179_Manage
|
when: rhel9STIG_stigrule_258179_Manage
|
||||||
# R-258180 RHEL-09-654030
|
# R-258180 RHEL-09-654030
|
||||||
- name : stigrule_258180__etc_audit_rules_d_audit_rules__usr_bin_umount
|
- name: stigrule_258180__etc_audit_rules_d_audit_rules__usr_bin_umount
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -2606,7 +2553,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258180_Manage
|
when: rhel9STIG_stigrule_258180_Manage
|
||||||
# R-258181 RHEL-09-654035
|
# R-258181 RHEL-09-654035
|
||||||
- name : stigrule_258181__etc_audit_rules_d_audit_rules__usr_bin_chacl
|
- name: stigrule_258181__etc_audit_rules_d_audit_rules__usr_bin_chacl
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2614,7 +2561,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258181_Manage
|
when: rhel9STIG_stigrule_258181_Manage
|
||||||
# R-258182 RHEL-09-654040
|
# R-258182 RHEL-09-654040
|
||||||
- name : stigrule_258182__etc_audit_rules_d_audit_rules__usr_bin_setfacl
|
- name: stigrule_258182__etc_audit_rules_d_audit_rules__usr_bin_setfacl
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2622,7 +2569,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258182_Manage
|
when: rhel9STIG_stigrule_258182_Manage
|
||||||
# R-258183 RHEL-09-654045
|
# R-258183 RHEL-09-654045
|
||||||
- name : stigrule_258183__etc_audit_rules_d_audit_rules__usr_bin_chcon
|
- name: stigrule_258183__etc_audit_rules_d_audit_rules__usr_bin_chcon
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
regexp: '^-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod$'
|
||||||
@@ -2630,7 +2577,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258183_Manage
|
when: rhel9STIG_stigrule_258183_Manage
|
||||||
# R-258184 RHEL-09-654050
|
# R-258184 RHEL-09-654050
|
||||||
- name : stigrule_258184__etc_audit_rules_d_audit_rules__usr_sbin_semanage
|
- name: stigrule_258184__etc_audit_rules_d_audit_rules__usr_sbin_semanage
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2638,7 +2585,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258184_Manage
|
when: rhel9STIG_stigrule_258184_Manage
|
||||||
# R-258185 RHEL-09-654055
|
# R-258185 RHEL-09-654055
|
||||||
- name : stigrule_258185__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
|
- name: stigrule_258185__etc_audit_rules_d_audit_rules__usr_sbin_setfiles
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2646,7 +2593,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258185_Manage
|
when: rhel9STIG_stigrule_258185_Manage
|
||||||
# R-258186 RHEL-09-654060
|
# R-258186 RHEL-09-654060
|
||||||
- name : stigrule_258186__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
|
- name: stigrule_258186__etc_audit_rules_d_audit_rules__usr_sbin_setsebool
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged$'
|
regexp: '^-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged$'
|
||||||
@@ -2654,7 +2601,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258186_Manage
|
when: rhel9STIG_stigrule_258186_Manage
|
||||||
# R-258187 RHEL-09-654065
|
# R-258187 RHEL-09-654065
|
||||||
- name : stigrule_258187__etc_audit_rules_d_audit_rules_rename_b32
|
- name: stigrule_258187__etc_audit_rules_d_audit_rules_rename_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
regexp: '^-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
||||||
@@ -2662,7 +2609,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258187_Manage
|
when: rhel9STIG_stigrule_258187_Manage
|
||||||
# R-258187 RHEL-09-654065
|
# R-258187 RHEL-09-654065
|
||||||
- name : stigrule_258187__etc_audit_rules_d_audit_rules_rename_b64
|
- name: stigrule_258187__etc_audit_rules_d_audit_rules_rename_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
regexp: '^-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete$'
|
||||||
@@ -2670,7 +2617,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258187_Manage
|
when: rhel9STIG_stigrule_258187_Manage
|
||||||
# R-258188 RHEL-09-654070
|
# R-258188 RHEL-09-654070
|
||||||
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
|
- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -2678,7 +2625,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258188_Manage
|
when: rhel9STIG_stigrule_258188_Manage
|
||||||
# R-258188 RHEL-09-654070
|
# R-258188 RHEL-09-654070
|
||||||
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
|
- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EPERM_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -2686,7 +2633,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258188_Manage
|
when: rhel9STIG_stigrule_258188_Manage
|
||||||
# R-258188 RHEL-09-654070
|
# R-258188 RHEL-09-654070
|
||||||
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
|
- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -2694,7 +2641,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258188_Manage
|
when: rhel9STIG_stigrule_258188_Manage
|
||||||
# R-258188 RHEL-09-654070
|
# R-258188 RHEL-09-654070
|
||||||
- name : stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
|
- name: stigrule_258188__etc_audit_rules_d_audit_rules_truncate_EACCES_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
regexp: '^-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access$'
|
||||||
@@ -2702,7 +2649,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258188_Manage
|
when: rhel9STIG_stigrule_258188_Manage
|
||||||
# R-258189 RHEL-09-654075
|
# R-258189 RHEL-09-654075
|
||||||
- name : stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b32
|
- name: stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -2710,7 +2657,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258189_Manage
|
when: rhel9STIG_stigrule_258189_Manage
|
||||||
# R-258189 RHEL-09-654075
|
# R-258189 RHEL-09-654075
|
||||||
- name : stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b64
|
- name: stigrule_258189__etc_audit_rules_d_audit_rules_delete_module_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -2718,7 +2665,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258189_Manage
|
when: rhel9STIG_stigrule_258189_Manage
|
||||||
# R-258190 RHEL-09-654080
|
# R-258190 RHEL-09-654080
|
||||||
- name : stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b32
|
- name: stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b32
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -2726,7 +2673,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258190_Manage
|
when: rhel9STIG_stigrule_258190_Manage
|
||||||
# R-258190 RHEL-09-654080
|
# R-258190 RHEL-09-654080
|
||||||
- name : stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b64
|
- name: stigrule_258190__etc_audit_rules_d_audit_rules_init_module_b64
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
regexp: '^-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng$'
|
||||||
@@ -2734,7 +2681,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258190_Manage
|
when: rhel9STIG_stigrule_258190_Manage
|
||||||
# R-258191 RHEL-09-654085
|
# R-258191 RHEL-09-654085
|
||||||
- name : stigrule_258191__etc_audit_rules_d_audit_rules__usr_bin_chage
|
- name: stigrule_258191__etc_audit_rules_d_audit_rules__usr_bin_chage
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
|
regexp: '^-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage$'
|
||||||
@@ -2742,7 +2689,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258191_Manage
|
when: rhel9STIG_stigrule_258191_Manage
|
||||||
# R-258192 RHEL-09-654090
|
# R-258192 RHEL-09-654090
|
||||||
- name : stigrule_258192__etc_audit_rules_d_audit_rules__usr_bin_chsh
|
- name: stigrule_258192__etc_audit_rules_d_audit_rules__usr_bin_chsh
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -2750,7 +2697,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258192_Manage
|
when: rhel9STIG_stigrule_258192_Manage
|
||||||
# R-258193 RHEL-09-654095
|
# R-258193 RHEL-09-654095
|
||||||
- name : stigrule_258193__etc_audit_rules_d_audit_rules__usr_bin_crontab
|
- name: stigrule_258193__etc_audit_rules_d_audit_rules__usr_bin_crontab
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
|
regexp: '^-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab$'
|
||||||
@@ -2758,7 +2705,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258193_Manage
|
when: rhel9STIG_stigrule_258193_Manage
|
||||||
# R-258194 RHEL-09-654100
|
# R-258194 RHEL-09-654100
|
||||||
- name : stigrule_258194__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
|
- name: stigrule_258194__etc_audit_rules_d_audit_rules__usr_bin_gpasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
|
regexp: '^-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd$'
|
||||||
@@ -2766,7 +2713,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258194_Manage
|
when: rhel9STIG_stigrule_258194_Manage
|
||||||
# R-258195 RHEL-09-654105
|
# R-258195 RHEL-09-654105
|
||||||
- name : stigrule_258195__etc_audit_rules_d_audit_rules__usr_bin_kmod
|
- name: stigrule_258195__etc_audit_rules_d_audit_rules__usr_bin_kmod
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
|
regexp: '^-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules$'
|
||||||
@@ -2774,7 +2721,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258195_Manage
|
when: rhel9STIG_stigrule_258195_Manage
|
||||||
# R-258196 RHEL-09-654110
|
# R-258196 RHEL-09-654110
|
||||||
- name : stigrule_258196__etc_audit_rules_d_audit_rules__usr_bin_newgrp
|
- name: stigrule_258196__etc_audit_rules_d_audit_rules__usr_bin_newgrp
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -2782,7 +2729,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258196_Manage
|
when: rhel9STIG_stigrule_258196_Manage
|
||||||
# R-258197 RHEL-09-654115
|
# R-258197 RHEL-09-654115
|
||||||
- name : stigrule_258197__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
|
- name: stigrule_258197__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
|
regexp: '^-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check$'
|
||||||
@@ -2790,7 +2737,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258197_Manage
|
when: rhel9STIG_stigrule_258197_Manage
|
||||||
# R-258198 RHEL-09-654120
|
# R-258198 RHEL-09-654120
|
||||||
- name : stigrule_258198__etc_audit_rules_d_audit_rules__usr_bin_passwd
|
- name: stigrule_258198__etc_audit_rules_d_audit_rules__usr_bin_passwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
|
regexp: '^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd$'
|
||||||
@@ -2798,7 +2745,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258198_Manage
|
when: rhel9STIG_stigrule_258198_Manage
|
||||||
# R-258199 RHEL-09-654125
|
# R-258199 RHEL-09-654125
|
||||||
- name : stigrule_258199__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
|
- name: stigrule_258199__etc_audit_rules_d_audit_rules__usr_sbin_postdrop
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2806,7 +2753,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258199_Manage
|
when: rhel9STIG_stigrule_258199_Manage
|
||||||
# R-258200 RHEL-09-654130
|
# R-258200 RHEL-09-654130
|
||||||
- name : stigrule_258200__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
|
- name: stigrule_258200__etc_audit_rules_d_audit_rules__usr_sbin_postqueue
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2814,7 +2761,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258200_Manage
|
when: rhel9STIG_stigrule_258200_Manage
|
||||||
# R-258201 RHEL-09-654135
|
# R-258201 RHEL-09-654135
|
||||||
- name : stigrule_258201__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
|
- name: stigrule_258201__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
regexp: '^-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
||||||
@@ -2822,7 +2769,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258201_Manage
|
when: rhel9STIG_stigrule_258201_Manage
|
||||||
# R-258202 RHEL-09-654140
|
# R-258202 RHEL-09-654140
|
||||||
- name : stigrule_258202__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
|
- name: stigrule_258202__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
regexp: '^-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh$'
|
||||||
@@ -2830,7 +2777,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258202_Manage
|
when: rhel9STIG_stigrule_258202_Manage
|
||||||
# R-258203 RHEL-09-654145
|
# R-258203 RHEL-09-654145
|
||||||
- name : stigrule_258203__etc_audit_rules_d_audit_rules__usr_bin_su
|
- name: stigrule_258203__etc_audit_rules_d_audit_rules__usr_bin_su
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
|
regexp: '^-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change$'
|
||||||
@@ -2838,7 +2785,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258203_Manage
|
when: rhel9STIG_stigrule_258203_Manage
|
||||||
# R-258204 RHEL-09-654150
|
# R-258204 RHEL-09-654150
|
||||||
- name : stigrule_258204__etc_audit_rules_d_audit_rules__usr_bin_sudo
|
- name: stigrule_258204__etc_audit_rules_d_audit_rules__usr_bin_sudo
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -2846,7 +2793,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258204_Manage
|
when: rhel9STIG_stigrule_258204_Manage
|
||||||
# R-258205 RHEL-09-654155
|
# R-258205 RHEL-09-654155
|
||||||
- name : stigrule_258205__etc_audit_rules_d_audit_rules__usr_bin_sudoedit
|
- name: stigrule_258205__etc_audit_rules_d_audit_rules__usr_bin_sudoedit
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
regexp: '^-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd$'
|
||||||
@@ -2854,7 +2801,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258205_Manage
|
when: rhel9STIG_stigrule_258205_Manage
|
||||||
# R-258206 RHEL-09-654160
|
# R-258206 RHEL-09-654160
|
||||||
- name : stigrule_258206__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
|
- name: stigrule_258206__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2862,7 +2809,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258206_Manage
|
when: rhel9STIG_stigrule_258206_Manage
|
||||||
# R-258207 RHEL-09-654165
|
# R-258207 RHEL-09-654165
|
||||||
- name : stigrule_258207__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
|
- name: stigrule_258207__etc_audit_rules_d_audit_rules__usr_sbin_unix_update
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2870,7 +2817,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258207_Manage
|
when: rhel9STIG_stigrule_258207_Manage
|
||||||
# R-258208 RHEL-09-654170
|
# R-258208 RHEL-09-654170
|
||||||
- name : stigrule_258208__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
|
- name: stigrule_258208__etc_audit_rules_d_audit_rules__usr_sbin_userhelper
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
regexp: '^-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update$'
|
||||||
@@ -2878,7 +2825,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258208_Manage
|
when: rhel9STIG_stigrule_258208_Manage
|
||||||
# R-258209 RHEL-09-654175
|
# R-258209 RHEL-09-654175
|
||||||
- name : stigrule_258209__etc_audit_rules_d_audit_rules__usr_sbin_usermod
|
- name: stigrule_258209__etc_audit_rules_d_audit_rules__usr_sbin_usermod
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
|
regexp: '^-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod$'
|
||||||
@@ -2886,7 +2833,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258209_Manage
|
when: rhel9STIG_stigrule_258209_Manage
|
||||||
# R-258210 RHEL-09-654180
|
# R-258210 RHEL-09-654180
|
||||||
- name : stigrule_258210__etc_audit_rules_d_audit_rules__usr_bin_mount
|
- name: stigrule_258210__etc_audit_rules_d_audit_rules__usr_bin_mount
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
regexp: '^-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount$'
|
||||||
@@ -2894,7 +2841,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258210_Manage
|
when: rhel9STIG_stigrule_258210_Manage
|
||||||
# R-258211 RHEL-09-654185
|
# R-258211 RHEL-09-654185
|
||||||
- name : stigrule_258211__etc_audit_rules_d_audit_rules__usr_sbin_init
|
- name: stigrule_258211__etc_audit_rules_d_audit_rules__usr_sbin_init
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/init -F perm=x -F auid>=1000 -F auid!=unset -k privileged-init$'
|
regexp: '^-a always,exit -F path=/usr/sbin/init -F perm=x -F auid>=1000 -F auid!=unset -k privileged-init$'
|
||||||
@@ -2902,7 +2849,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258211_Manage
|
when: rhel9STIG_stigrule_258211_Manage
|
||||||
# R-258212 RHEL-09-654190
|
# R-258212 RHEL-09-654190
|
||||||
- name : stigrule_258212__etc_audit_rules_d_audit_rules__usr_sbin_poweroff
|
- name: stigrule_258212__etc_audit_rules_d_audit_rules__usr_sbin_poweroff
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/poweroff -F perm=x -F auid>=1000 -F auid!=unset -k privileged-poweroff$'
|
regexp: '^-a always,exit -F path=/usr/sbin/poweroff -F perm=x -F auid>=1000 -F auid!=unset -k privileged-poweroff$'
|
||||||
@@ -2910,7 +2857,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258212_Manage
|
when: rhel9STIG_stigrule_258212_Manage
|
||||||
# R-258213 RHEL-09-654195
|
# R-258213 RHEL-09-654195
|
||||||
- name : stigrule_258213__etc_audit_rules_d_audit_rules__usr_sbin_reboot
|
- name: stigrule_258213__etc_audit_rules_d_audit_rules__usr_sbin_reboot
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/reboot -F perm=x -F auid>=1000 -F auid!=unset -k privileged-reboot$'
|
regexp: '^-a always,exit -F path=/usr/sbin/reboot -F perm=x -F auid>=1000 -F auid!=unset -k privileged-reboot$'
|
||||||
@@ -2918,7 +2865,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258213_Manage
|
when: rhel9STIG_stigrule_258213_Manage
|
||||||
# R-258214 RHEL-09-654200
|
# R-258214 RHEL-09-654200
|
||||||
- name : stigrule_258214__etc_audit_rules_d_audit_rules__usr_sbin_shutdown
|
- name: stigrule_258214__etc_audit_rules_d_audit_rules__usr_sbin_shutdown
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-a always,exit -F path=/usr/sbin/shutdown -F perm=x -F auid>=1000 -F auid!=unset -k privileged-shutdown$'
|
regexp: '^-a always,exit -F path=/usr/sbin/shutdown -F perm=x -F auid>=1000 -F auid!=unset -k privileged-shutdown$'
|
||||||
@@ -2926,7 +2873,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258214_Manage
|
when: rhel9STIG_stigrule_258214_Manage
|
||||||
# R-258217 RHEL-09-654215
|
# R-258217 RHEL-09-654215
|
||||||
- name : stigrule_258217__etc_audit_rules_d_audit_rules__etc_sudoers
|
- name: stigrule_258217__etc_audit_rules_d_audit_rules__etc_sudoers
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/sudoers -p wa -k identity$'
|
regexp: '^-w /etc/sudoers -p wa -k identity$'
|
||||||
@@ -2934,7 +2881,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258217_Manage
|
when: rhel9STIG_stigrule_258217_Manage
|
||||||
# R-258218 RHEL-09-654220
|
# R-258218 RHEL-09-654220
|
||||||
- name : stigrule_258218__etc_audit_rules_d_audit_rules__etc_sudoers_d_
|
- name: stigrule_258218__etc_audit_rules_d_audit_rules__etc_sudoers_d_
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
|
regexp: '^-w /etc/sudoers.d/ -p wa -k identity$'
|
||||||
@@ -2942,7 +2889,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258218_Manage
|
when: rhel9STIG_stigrule_258218_Manage
|
||||||
# R-258219 RHEL-09-654225
|
# R-258219 RHEL-09-654225
|
||||||
- name : stigrule_258219__etc_audit_rules_d_audit_rules__etc_group
|
- name: stigrule_258219__etc_audit_rules_d_audit_rules__etc_group
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/group -p wa -k identity$'
|
regexp: '^-w /etc/group -p wa -k identity$'
|
||||||
@@ -2950,7 +2897,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258219_Manage
|
when: rhel9STIG_stigrule_258219_Manage
|
||||||
# R-258220 RHEL-09-654230
|
# R-258220 RHEL-09-654230
|
||||||
- name : stigrule_258220__etc_audit_rules_d_audit_rules__etc_gshadow
|
- name: stigrule_258220__etc_audit_rules_d_audit_rules__etc_gshadow
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/gshadow -p wa -k identity$'
|
regexp: '^-w /etc/gshadow -p wa -k identity$'
|
||||||
@@ -2958,7 +2905,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258220_Manage
|
when: rhel9STIG_stigrule_258220_Manage
|
||||||
# R-258221 RHEL-09-654235
|
# R-258221 RHEL-09-654235
|
||||||
- name : stigrule_258221__etc_audit_rules_d_audit_rules__etc_security_opasswd
|
- name: stigrule_258221__etc_audit_rules_d_audit_rules__etc_security_opasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/security/opasswd -p wa -k identity$'
|
regexp: '^-w /etc/security/opasswd -p wa -k identity$'
|
||||||
@@ -2966,7 +2913,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258221_Manage
|
when: rhel9STIG_stigrule_258221_Manage
|
||||||
# R-258222 RHEL-09-654240
|
# R-258222 RHEL-09-654240
|
||||||
- name : stigrule_258222__etc_audit_rules_d_audit_rules__etc_passwd
|
- name: stigrule_258222__etc_audit_rules_d_audit_rules__etc_passwd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/passwd -p wa -k identity$'
|
regexp: '^-w /etc/passwd -p wa -k identity$'
|
||||||
@@ -2974,7 +2921,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258222_Manage
|
when: rhel9STIG_stigrule_258222_Manage
|
||||||
# R-258223 RHEL-09-654245
|
# R-258223 RHEL-09-654245
|
||||||
- name : stigrule_258223__etc_audit_rules_d_audit_rules__etc_shadow
|
- name: stigrule_258223__etc_audit_rules_d_audit_rules__etc_shadow
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /etc/shadow -p wa -k identity$'
|
regexp: '^-w /etc/shadow -p wa -k identity$'
|
||||||
@@ -2982,7 +2929,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258223_Manage
|
when: rhel9STIG_stigrule_258223_Manage
|
||||||
# R-258224 RHEL-09-654250
|
# R-258224 RHEL-09-654250
|
||||||
- name : stigrule_258224__etc_audit_rules_d_audit_rules__var_log_faillock
|
- name: stigrule_258224__etc_audit_rules_d_audit_rules__var_log_faillock
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /var/log/faillock -p wa -k logins$'
|
regexp: '^-w /var/log/faillock -p wa -k logins$'
|
||||||
@@ -2990,7 +2937,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258224_Manage
|
when: rhel9STIG_stigrule_258224_Manage
|
||||||
# R-258225 RHEL-09-654255
|
# R-258225 RHEL-09-654255
|
||||||
- name : stigrule_258225__etc_audit_rules_d_audit_rules__var_log_lastlog
|
- name: stigrule_258225__etc_audit_rules_d_audit_rules__var_log_lastlog
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /var/log/lastlog -p wa -k logins$'
|
regexp: '^-w /var/log/lastlog -p wa -k logins$'
|
||||||
@@ -2998,7 +2945,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258225_Manage
|
when: rhel9STIG_stigrule_258225_Manage
|
||||||
# R-258226 RHEL-09-654260
|
# R-258226 RHEL-09-654260
|
||||||
- name : stigrule_258226__etc_audit_rules_d_audit_rules__var_log_tallylog
|
- name: stigrule_258226__etc_audit_rules_d_audit_rules__var_log_tallylog
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-w /var/log/tallylog -p wa -k logins$'
|
regexp: '^-w /var/log/tallylog -p wa -k logins$'
|
||||||
@@ -3006,7 +2953,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258226_Manage
|
when: rhel9STIG_stigrule_258226_Manage
|
||||||
# R-258227 RHEL-09-654265
|
# R-258227 RHEL-09-654265
|
||||||
- name : stigrule_258227__etc_audit_rules_d_audit_rules_f2
|
- name: stigrule_258227__etc_audit_rules_d_audit_rules_f2
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-f 2$'
|
regexp: '^-f 2$'
|
||||||
@@ -3014,7 +2961,7 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258227_Manage
|
when: rhel9STIG_stigrule_258227_Manage
|
||||||
# R-258228 RHEL-09-654270
|
# R-258228 RHEL-09-654270
|
||||||
- name : stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable
|
- name: stigrule_258228__etc_audit_rules_d_audit_rules_loginuid_immutable
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^--loginuid-immutable$'
|
regexp: '^--loginuid-immutable$'
|
||||||
@@ -3022,34 +2969,22 @@
|
|||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258228_Manage
|
when: rhel9STIG_stigrule_258228_Manage
|
||||||
# R-258229 RHEL-09-654275
|
# R-258229 RHEL-09-654275
|
||||||
- name : stigrule_258229__etc_audit_rules_d_audit_rules_e2
|
- name: stigrule_258229__etc_audit_rules_d_audit_rules_e2
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '^-e 2$'
|
regexp: '^-e 2$'
|
||||||
line: "{{ rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line }}"
|
line: "{{ rhel9STIG_stigrule_258229__etc_audit_rules_d_audit_rules_e2_Line }}"
|
||||||
notify: auditd_restart
|
notify: auditd_restart
|
||||||
when: rhel9STIG_stigrule_258229_Manage
|
when: rhel9STIG_stigrule_258229_Manage
|
||||||
# R-258234 RHEL-09-672010
|
# R-258234 RHEL-09-215100
|
||||||
- name: stigrule_258234_crypto_policies
|
- name: stigrule_258234_crypto_policies
|
||||||
yum:
|
yum:
|
||||||
name: crypto-policies
|
name: crypto-policies
|
||||||
state: "{{ rhel9STIG_stigrule_258234_crypto_policies_State }}"
|
state: "{{ rhel9STIG_stigrule_258234_crypto_policies_State }}"
|
||||||
when: rhel9STIG_stigrule_258234_Manage
|
when: rhel9STIG_stigrule_258234_Manage
|
||||||
# R-258239 RHEL-09-672035
|
# R-272488 RHEL-09-215101
|
||||||
- name: stigrule_258239__etc_pki_tls_openssl_cnf
|
- name: stigrule_272488_postfix
|
||||||
lineinfile:
|
yum:
|
||||||
path: /etc/pki/tls/openssl.cnf
|
name: postfix
|
||||||
line: "{{ rhel9STIG_stigrule_258239__etc_pki_tls_openssl_cnf_Line }}"
|
state: "{{ rhel9STIG_stigrule_272488_postfix_State }}"
|
||||||
create: yes
|
when: rhel9STIG_stigrule_272488_Manage
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258239_Manage
|
|
||||||
# R-258240 RHEL-09-672040
|
|
||||||
- name: stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/crypto-policies/back-ends/opensslcnf.config
|
|
||||||
regexp: '^\s*TLS.MinProtocol\s*='
|
|
||||||
line: "{{ rhel9STIG_stigrule_258240__etc_crypto_policies_back_ends_opensslcnf_config_Line }}"
|
|
||||||
create: yes
|
|
||||||
notify: do_reboot
|
|
||||||
when:
|
|
||||||
- rhel9STIG_stigrule_258240_Manage
|
|
||||||
|
|||||||
@@ -164,4 +164,4 @@
|
|||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "{{ msg.split('\n') }}"
|
msg: "{{ msg.split('\n') }}"
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
../execution_environments/requirements.yml
|
../execution_environments/requirements-25.yml
|
||||||
Reference in New Issue
Block a user