From 888464be850c4e4c720ced01159cabb46e41383b Mon Sep 17 00:00:00 2001 From: George Nalen <57152366+georgenalen@users.noreply.github.com> Date: Thu, 19 May 2022 08:21:57 -0700 Subject: [PATCH] 0.9.2 release (#18) * additional variable to audit content location change Signed-off-by: Mark Bolwell * updated_docs Signed-off-by: Mark Bolwell * fixed CCCI typo Signed-off-by: Mark Bolwell * updated rule number Signed-off-by: Mark Bolwell * update for v1r6 Signed-off-by: Mark Bolwell * updated script 
Signed-off-by: Mark Bolwell Co-authored-by: Mark Bolwell Co-authored-by: uk-bolly <69214557+uk-bolly@users.noreply.github.com> --- Changelog.MD | 34 ++++++ .../RHEL-08-010000_010830/RHEL-08-010372.yml | 4 +- .../RHEL-08-010000_010830/RHEL-08-010373.yml | 4 +- .../RHEL-08-010000_010830/RHEL-08-010374.yml | 4 +- .../RHEL-08-010000_010830/RHEL-08-010430.yml | 4 +- .../RHEL-08-010000_010830/RHEL-08-010671.yml | 4 +- .../RHEL-08-030000_030740/RHEL-08-030181.yml | 2 +- .../RHEL-08-030000_030740/RHEL-08-030710.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040209.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040210.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040220.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040230.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040239.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040240.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040249.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040250.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040259.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040260.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040261.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040262.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040270.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040279.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040280.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040281.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040282.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040283.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040284.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040285.yml | 4 +- .../RHEL-08-040000_040390/RHEL-08-040286.yml | 4 +- cat_3/RHEL-08-010375.yml | 8 +- cat_3/RHEL-08-010376.yml | 4 +- cat_3/RHEL-08-040004.yml | 4 +- docs/Security_remediation_and_auditing.md | 111 ++++++++++++++---- run_audit.sh | 30 +++-- 34 files changed, 203 insertions(+), 98 deletions(-) diff --git a/Changelog.MD b/Changelog.MD index eae8280..2d319c1 100644 --- a/Changelog.MD +++ b/Changelog.MD 
@@ -1,5 +1,39 @@ # Changelog +## Stig V1R6 27th April 2022 + +- new Rule ID for all listed + + - RHEL-08-030710 + - RHEL-08-010372 + - RHEL-08-010373 + - RHEL-08-010375 + - RHEL-08-010376 + - RHEL-08-010430 + - RHEL-08-010671 + - RHEL-08-020090 + - RHEL-08-030181 + - RHEL-08-040004 + - RHEL-08-040209 + - RHEL-08-040210 + - RHEL-08-040220 + - RHEL-08-040230 + - RHEL-08-040239 + - RHEL-08-040240 + - RHEL-08-040250 + - RHEL-08-040259 + - RHEL-08-040260 + - RHEL-08-040261 + - RHEL-08-040262 + - RHEL-08-040270 + - RHEL-08-040279 + - RHEL-08-040280 + - RHEL-08-040281 + - RHEL-08-040282 + - RHEL-08-040283 + - RHEL-08-040284 + - RHEL-08-040285 + - RHEL-08-040286 ## Stig V1R5 27th January 2022 diff --git a/cat_2/RHEL-08-010000_010830/RHEL-08-010372.yml b/cat_2/RHEL-08-010000_010830/RHEL-08-010372.yml index f13f812..b983945 100644 --- a/cat_2/RHEL-08-010000_010830/RHEL-08-010372.yml +++ b/cat_2/RHEL-08-010000_010830/RHEL-08-010372.yml @@ -11,7 +11,7 @@ command: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000366-GPOS-00153 - Rule_ID: SV-230266r792870_rule + Rule_ID: SV-230266r818816_rule STIG_ID: RHEL-08-010372 Vul_ID: V-230266 kernel-param: @@ -22,7 +22,7 @@ kernel-param: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000366-GPOS-00153 - Rule_ID: SV-230266r792870_rule + Rule_ID: SV-230266r818816_rule STIG_ID: RHEL-08-010372 Vul_ID: V-230266 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-010000_010830/RHEL-08-010373.yml b/cat_2/RHEL-08-010000_010830/RHEL-08-010373.yml index 3f56163..ec24891 100644 --- a/cat_2/RHEL-08-010000_010830/RHEL-08-010373.yml +++ b/cat_2/RHEL-08-010000_010830/RHEL-08-010373.yml @@ -11,7 +11,7 @@ command: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000312-GPOS-00122 - Rule_ID: SV-230267r792873_rule + Rule_ID: SV-230267r818819_rule STIG_ID: RHEL-08-010373 Vul_ID: V-230267 kernel-param: 
@@ -22,7 +22,7 @@ kernel-param: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000312-GPOS-00122 - Rule_ID: SV-230267r792873_rule + Rule_ID: SV-230267r818819_rule STIG_ID: RHEL-08-010373 Vul_ID: V-230267 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-010000_010830/RHEL-08-010374.yml b/cat_2/RHEL-08-010000_010830/RHEL-08-010374.yml index e8593c4..715242f 100644 --- a/cat_2/RHEL-08-010000_010830/RHEL-08-010374.yml +++ b/cat_2/RHEL-08-010000_010830/RHEL-08-010374.yml @@ -11,7 +11,7 @@ command: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000312-GPOS-00122 - Rule_ID: SV-230268r792876_rule + Rule_ID: SV-230268r818822_rule STIG_ID: RHEL-08-010374 Vul_ID: V-230268 kernel-param: @@ -22,7 +22,7 @@ kernel-param: Cat: 2 CCI: CCI-001749 Group_Title: SRG-OS-000312-GPOS-00122 - Rule_ID: SV-230268r792876_rule + Rule_ID: SV-230268r818822_rule STIG_ID: RHEL-08-010374 Vul_ID: V-230268 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-010000_010830/RHEL-08-010430.yml b/cat_2/RHEL-08-010000_010830/RHEL-08-010430.yml index 185ffea..cb907ed 100644 --- a/cat_2/RHEL-08-010000_010830/RHEL-08-010430.yml +++ b/cat_2/RHEL-08-010000_010830/RHEL-08-010430.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-002824 Group_Title: SRG-OS-000433-GPOS-00193 - Rule_ID: SV-230280r792891_rule + Rule_ID: SV-230280r818831_rule STIG_ID: RHEL-08-010430 Vul_ID: V-230280 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-002824 Group_Title: SRG-OS-000433-GPOS-00193 - Rule_ID: SV-230280r792891_rule + Rule_ID: SV-230280r818831_rule STIG_ID: RHEL-08-010430 Vul_ID: V-230280 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-010000_010830/RHEL-08-010671.yml b/cat_2/RHEL-08-010000_010830/RHEL-08-010671.yml index 04b805e..d2fc209 100644 --- a/cat_2/RHEL-08-010000_010830/RHEL-08-010671.yml +++ b/cat_2/RHEL-08-010000_010830/RHEL-08-010671.yml 
@@ -10,7 +10,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230311r792894_rule + Rule_ID: SV-230311r818834_rule STIG_ID: RHEL-08-010671 Vul_ID: V-230311 command: @@ -25,7 +25,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230311r792894_rule + Rule_ID: SV-230311r818834_rule STIG_ID: RHEL-08-010671 Vul_ID: V-230311 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-030000_030740/RHEL-08-030181.yml b/cat_2/RHEL-08-030000_030740/RHEL-08-030181.yml index 74f1922..ccd1305 100644 --- a/cat_2/RHEL-08-030000_030740/RHEL-08-030181.yml +++ b/cat_2/RHEL-08-030000_030740/RHEL-08-030181.yml @@ -8,7 +8,7 @@ service: Cat: 2 CCI: CCI-000169 Group_Title: SRG-OS-000062-GPOS-00031 - Rule_ID: SV-244542r743875_rule + Rule_ID: SV-244542r818838_rule STIG_ID: RHEL-08-030181 Vul_ID: V-244542 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-030000_030740/RHEL-08-030710.yml b/cat_2/RHEL-08-030000_030740/RHEL-08-030710.yml index 9ede78f..00eecb7 100644 --- a/cat_2/RHEL-08-030000_030740/RHEL-08-030710.yml +++ b/cat_2/RHEL-08-030000_030740/RHEL-08-030710.yml @@ -13,7 +13,7 @@ command: Cat: 2 CCI: CCI-001851 Group_Title: SRG-OS-000342-GPOS-00133 - Rule_ID: SV-230481r627750_rule + Rule_ID: SV-230481r818840_rule STIG_ID: RHEL-08-030710 Vul_ID: V-230481 netstream_driver_mode: @@ -30,7 +30,7 @@ command: Cat: 2 CCI: CCI-001851 Group_Title: SRG-OS-000342-GPOS-00133 - Rule_ID: SV-230481r627750_rule + Rule_ID: SV-230481r818840_rule STIG_ID: RHEL-08-030710 Vul_ID: V-230481 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040209.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040209.yml index 69fb7d0..560ba1b 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040209.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040209.yml 
@@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244550r792987_rule + Rule_ID: SV-244550r818845_rule STIG_ID: RHEL-08-040209 Vul_ID: V-244550 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244550r792987_rule + Rule_ID: SV-244550r818845_rule STIG_ID: RHEL-08-040209 Vul_ID: V-244550 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040210.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040210.yml index 905a742..25e3d3a 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040210.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040210.yml @@ -7,7 +7,7 @@ net.ipv6.conf.default.accept_redirects: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230535r792936_rule + Rule_ID: SV-230535r818848_rule STIG_ID: RHEL-08-040210 Vul_ID: V-230535 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230535r792936_rule + Rule_ID: SV-230535r818848_rule STIG_ID: RHEL-08-040210 Vul_ID: V-230535 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040220.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040220.yml index e98c57f..c7bf164 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040220.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040220.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230536r792939_rule + Rule_ID: SV-230536r818851_rule STIG_ID: RHEL-08-040220 Vul_ID: V-230536 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230536r792939_rule + Rule_ID: SV-230536r818851_rule STIG_ID: RHEL-08-040220 Vul_ID: V-230536 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040230.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040230.yml index e1514a6..2f53853 100644 
--- a/cat_2/RHEL-08-040000_040390/RHEL-08-040230.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040230.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230537r792942_rule + Rule_ID: SV-230537r818854_rule STIG_ID: RHEL-08-040230 Vul_ID: V-230537 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230537r792942_rule + Rule_ID: SV-230537r818854_rule STIG_ID: RHEL-08-040230 Vul_ID: V-230537 diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040239.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040239.yml index 0ed37f0..2c20c23 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040239.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040239.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244551r792990_rule + Rule_ID: SV-244551r818857_rule STIG_ID: RHEL-08-040239 Vul_ID: V-244551 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244551r792990_rule + Rule_ID: SV-244551r818857_rule STIG_ID: RHEL-08-040239 Vul_ID: V-244551 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040240.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040240.yml index 0794241..81d498d 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040240.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040240.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230538r792945_rule + Rule_ID: SV-230538r818860_rule STIG_ID: RHEL-08-040240 Vul_ID: V-230538 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230538r792945_rule + Rule_ID: SV-230538r818860_rule STIG_ID: RHEL-08-040240 Vul_ID: V-230538 {{ end }} \ No newline at end of file 
diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040249.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040249.yml index 8a129d6..7aa54fb 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040249.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040249.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244552r792993_rule + Rule_ID: SV-244552r818863_rule STIG_ID: RHEL-08-040249 Vul_ID: V-244552 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244552r792993_rule + Rule_ID: SV-244552r818863_rule STIG_ID: RHEL-08-040249 Vul_ID: V-244552 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040250.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040250.yml index 37dbc85..f37fd00 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040250.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040250.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230539r792948_rule + Rule_ID: SV-230539r818866_rule STIG_ID: RHEL-08-040250 Vul_ID: V-230539 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230539r792948_rule + Rule_ID: SV-230539r818866_rule STIG_ID: RHEL-08-040250 Vul_ID: V-230539 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040259.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040259.yml index 31f1282..df9e959 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040259.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040259.yml @@ -8,7 +8,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: V-250317r793008_rule + Rule_ID: SV-250317r818869_rule STIG_ID: RHEL-08-040259 Vul_ID: V-250317 command: 
@@ -23,7 +23,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: V-250317r793008_rule + Rule_ID: SV-250317r818869_rule STIG_ID: RHEL-08-040259 Vul_ID: V-250317 {{ end }} diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040260.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040260.yml index fc82d7f..33e98a8 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040260.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040260.yml @@ -8,7 +8,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230540r792951_rule + Rule_ID: SV-230540r818872_rule STIG_ID: RHEL-08-040260 Vul_ID: V-230540 command: @@ -23,7 +23,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230540r792951_rule + Rule_ID: SV-230540r818872_rule STIG_ID: RHEL-08-040260 Vul_ID: V-230540 {{ end }} diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040261.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040261.yml index 6ac3f15..fe60406 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040261.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040261.yml @@ -8,7 +8,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230541r792954_rule + Rule_ID: SV-230541r818875_rule STIG_ID: RHEL-08-040261 Vul_ID: V-230541 command: @@ -23,7 +23,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230541r792954_rule + Rule_ID: SV-230541r818875_rule STIG_ID: RHEL-08-040261 Vul_ID: V-230541 {{ end }} diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040262.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040262.yml index b13e3fd..d333f16 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040262.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040262.yml @@ -8,7 +8,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230542r792957_rule + Rule_ID: SV-230542r818878_rule STIG_ID: RHEL-08-040262 Vul_ID: V-230542 command: 
@@ -23,7 +23,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230542r792957_rule + Rule_ID: SV-230542r818878_rule STIG_ID: RHEL-08-040262 Vul_ID: V-230542 {{ end }} diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040270.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040270.yml index 35c3f3e..8ba4066 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040270.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040270.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230543r792960_rule + Rule_ID: SV-230543r818881_rule STIG_ID: RHEL-08-040270 Vul_ID: V-230543 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230543r792960_rule + Rule_ID: SV-230543r818881_rule STIG_ID: RHEL-08-040270 Vul_ID: V-230543 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040279.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040279.yml index 32950d6..b79069c 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040279.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040279.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244553r792996_rule + Rule_ID: SV-244553r818884_rule STIG_ID: RHEL-08-040279 Vul_ID: V-24533 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244553r792996_rule + Rule_ID: SV-244553r818884_rule STIG_ID: RHEL-08-040279 Vul_ID: V-24533 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040280.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040280.yml index 391929a..3d574bf 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040280.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040280.yml 
@@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230544r792963_rule + Rule_ID: SV-230544r818887_rule STIG_ID: RHEL-08-040280 Vul_ID: V-230544 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230544r792963_rule + Rule_ID: SV-230544r818887_rule STIG_ID: RHEL-08-040280 Vul_ID: V-230544 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040281.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040281.yml index 468b0ee..2d3b8bf 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040281.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040281.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230545r792966_rule + Rule_ID: SV-230545r818890_rule STIG_ID: RHEL-08-040281 Vul_ID: V-230545 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230545r792966_rule + Rule_ID: SV-230545r818890_rule STIG_ID: RHEL-08-040281 Vul_ID: V-230545 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040282.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040282.yml index 287dc75..f882617 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040282.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040282.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230546r792969_rule + Rule_ID: SV-230546r818893_rule STIG_ID: RHEL-08-040282 Vul_ID: V-230546 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230546r792969_rule + Rule_ID: SV-230546r818893_rule STIG_ID: RHEL-08-040282 Vul_ID: V-230546 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040283.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040283.yml index a6cc282..bbf7e6c 100644 
--- a/cat_2/RHEL-08-040000_040390/RHEL-08-040283.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040283.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230547r792972_rule + Rule_ID: SV-230547r818896_rule STIG_ID: RHEL-08-040283 Vul_ID: V-230547 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230547r792972_rule + Rule_ID: SV-230547r818896_rule STIG_ID: RHEL-08-040283 Vul_ID: V-230547 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040284.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040284.yml index 81eab0e..5c14a06 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040284.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040284.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230548r792975_rule + Rule_ID: SV-230548r818899_rule STIG_ID: RHEL-08-040284 Vul_ID: V-230548 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230548r792975_rule + Rule_ID: SV-230548r818899_rule STIG_ID: RHEL-08-040284 Vul_ID: V-230548 {{ end }} \ No newline at end of file diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040285.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040285.yml index c7841a9..8d002ac 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040285.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040285.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230549r792978_rule + Rule_ID: SV-230549r818902_rule STIG_ID: RHEL-08-040285 Vul_ID: V-230549 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-230549r792978_rule + Rule_ID: SV-230549r818902_rule STIG_ID: RHEL-08-040285 Vul_ID: V-230549 {{ end }} \ No newline at end of file 
diff --git a/cat_2/RHEL-08-040000_040390/RHEL-08-040286.yml b/cat_2/RHEL-08-040000_040390/RHEL-08-040286.yml index f564b25..c296c53 100644 --- a/cat_2/RHEL-08-040000_040390/RHEL-08-040286.yml +++ b/cat_2/RHEL-08-040000_040390/RHEL-08-040286.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244554r792999_rule + Rule_ID: SV-244554r818905_rule STIG_ID: RHEL-08-040286 Vul_ID: V-244554 command: @@ -22,7 +22,7 @@ command: Cat: 2 CCI: CCI-000366 Group_Title: SRG-OS-000480-GPOS-00227 - Rule_ID: SV-244554r792999_rule + Rule_ID: SV-244554r818905_rule STIG_ID: RHEL-08-040286 Vul_ID: V-244554 {{ end }} \ No newline at end of file diff --git a/cat_3/RHEL-08-010375.yml b/cat_3/RHEL-08-010375.yml index f07b475..4178905 100644 --- a/cat_3/RHEL-08-010375.yml +++ b/cat_3/RHEL-08-010375.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 3 CCI: CCI-001090 Group_Title: SRG-OS-000138-GPOS-00069 - Rule_ID: SV-230269r792879_rule + Rule_ID: SV-230269r818825_rule STIG_ID: RHEL-08-010375 Vul_ID: V-230269 command: @@ -20,9 +20,9 @@ command: - '!/.*kernel.dmesg_restrict( |)=( |)0/' meta: Cat: 3 - CCCI: CCI-001090 + CCI: CCI-001090 Group_Title: SRG-OS-000138-GPOS-00069 - Rule_ID: SV-230269r792879_rule + Rule_ID: SV-230269r818825_rule STIG_ID: RHEL-08-010375 Vul_ID: V-230269 -{{ end }} \ No newline at end of file +{{ end }} diff --git a/cat_3/RHEL-08-010376.yml b/cat_3/RHEL-08-010376.yml index 209552a..df83120 100644 --- a/cat_3/RHEL-08-010376.yml +++ b/cat_3/RHEL-08-010376.yml @@ -7,7 +7,7 @@ kernel-param: Cat: 3 CCI: CCI-001090 Group_Title: SRG-OS-000138-GPOS-00069 - Rule_ID: SV-230270r792882_rule + Rule_ID: SV-230270r818828_rule STIG_ID: RHEL-08-010376 Vul_ID: V-230270 command: @@ -22,7 +22,7 @@ command: Cat: 3 CCI: CCI-001090 Group_Title: SRG-OS-000138-GPOS-00069 - Rule_ID: SV-230270r792882_rule + Rule_ID: SV-230270r818828_rule STIG_ID: RHEL-08-010376 Vul_ID: V-230270 {{ end }} \ No newline at end of file 
diff --git a/cat_3/RHEL-08-040004.yml b/cat_3/RHEL-08-040004.yml index f3a424d..5b8b566 100644 --- a/cat_3/RHEL-08-040004.yml +++ b/cat_3/RHEL-08-040004.yml @@ -10,7 +10,7 @@ file: Cat: 3 CCI: CCI-000381 Group_Title: SRG-OS-000095-GPOS-00049 - Rule_ID: SV-230491r792908_rule + Rule_ID: SV-230491r818842_rule STIG_ID: RHEL-08-040004 Vul_ID: V-230491 command: @@ -25,7 +25,7 @@ command: Cat: 3 CCI: CCI-000381 Group_Title: SRG-OS-000095-GPOS-00049 - Rule_ID: SV-230491r792908_rule + Rule_ID: SV-230491r818842_rule STIG_ID: RHEL-08-040004 Vul_ID: V-230491 {{ end }} \ No newline at end of file diff --git a/docs/Security_remediation_and_auditing.md b/docs/Security_remediation_and_auditing.md index 6c58df4..e38c726 100644 --- a/docs/Security_remediation_and_auditing.md +++ b/docs/Security_remediation_and_auditing.md @@ -62,6 +62,7 @@ It can be run in two ways: - RHEL 7 - RHEL 8 +- RHEL 9 (this is not yet GA as an OS but based on rh8) - Ubuntu 20.04 - Windows 2016 Standalone, Member and Controller (in testing August 21) - Windows 2019 Standalone, Member and Controller (in testing August 21) @@ -132,16 +133,24 @@ Minimal setup -- needs access to github ## Alternate source options -```audit_content``` +```audit_run_script_environment``` + +- Set correct env for the run_audit.sh script from https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git" + +```yaml +audit_run_script_environment: + AUDIT_BIN: "{{ audit_bin }}" + AUDIT_FILE: 'goss.yml' + AUDIT_CONTENT_LOCATION: "{{ audit_out_dir }}" +``` -> default: git +```audit_content``` -- Where the audit content is being retrieved from options include - - git: +> default: git # where the audit content is being pulled from if running from local ```audit_file_git``` -> default: ```https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git``` +> default: https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git ```audit_git_version``` 
@@ -159,26 +168,29 @@ We have allowed two options using the same variables - Settings: - ```audit_conf_copy``` +```audit_conf_copy``` + + > default: (change accordingly for your environment) - > default: (change accordingly for your environment) +e.g. Path on the control node to copy path/archive from - e.g. Path on the control node to copy path/archive from +```audit_conf_dir``` - ```audit_conf_dir``` (change as required copy as dir or extract archive) +(change as required copy as dir or extract archive) - > Directory on the managed node where the audit conf files will run - > from. - > - > Used for the copy and the running of the audit + > Directory on the managed node where the audit conf files will run + > from. + > Used for the copy and the running of the audit Alternate options ```get_url``` ( to be set according to your requirements) +```yaml - {{ audit_file_url }} -- As description +``` -```local or none``` +- local or none > This assumes content is already on the system and utilises the check > that are already there (see audit_conf_dir setting) @@ -282,9 +294,9 @@ script variables example: ```sh -AUDIT_BIN=/usr/local/bin/goss # location of the goss executable -AUDIT_FILE=goss.yml # the default goss file used by the audit provided by the audit configuration -AUDIT_CONTENT_LOCATION=/var/tmp # Location of the audit configuration file as available to the OS +AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable +AUDIT_FILE="${AUDIT_FILE:-goss.yml}" # the default goss file used by the audit provided by the audit configuration +AUDIT_CONTENT_LOCATION="${AUDIT_CONTENT_LOCATION:-/var/tmp}" # Location of the audit configuration file as available to the OS ``` script help 
@@ -292,8 +304,9 @@ script help ```sh Script to run the goss audit -Syntax: ./run_audit.sh [-g|-o|-v|-w|-h] +Syntax: ./run_audit.sh [-f|-g|-o|-v|-w|-h] options: +-f optional - change the format output (default value = json) -g optional - Add a group that the server should be grouped with (default value = ungrouped) -o optional - file to output audit data -v optional - relative path to thevars file to load (default e.g. /var/tmp/RHEL7-CIS/vars/CIS.yml) 
@@ -308,12 +321,62 @@ Other options can be assigned in the script itself Similar to the Linux variables that can be set within the script ```sh -$AUDIT_BIN = "C:\vagrant\goss.exe" -$AUDIT_FILE = "goss.yml" -$AUDIT_VARS = "vars\$BENCHMARK.yml" -$AUDIT_CONTENT_LOCATION = "C:\vagrant" -$AUDIT_CONTENT_VERSION = "Win2019-$BENCHMARK-Audit" -$AUDIT_CONTENT_DIR = "$AUDIT_CONTENT_LOCATION\$AUDIT_CONTENT_VERSION" +NAME + C:\remediation_audit_logs\Windows-2019-CIS-Audit\run_audit.ps1 + +SYNOPSIS + Wrapper script to run an audit + + +SYNTAX + C:\remediation_audit_logs\Windows-2016-CIS-Audit\run_audit.ps1 [[-auditbin] ] [[-auditdir] ] + [[-varsfile] ] [[-group] ] [[-outfile] ] [] + + +DESCRIPTION + Wrapper script to run an audit on the system using goss. + This allows for bespoke variables to be set + + +PARAMETERS + -auditbin + + -auditdir + default: $DEFAULT_CONTENT_DIR + Ability to change the location of where the content can be found + This is where the audit content is stored + e.g. c:/windows_audit + + -varsfile + default: $DEFAULT_VARS_FILE + Ability to set a variable file defined with the settings to match your requirements + + -group + default: none + Ability to set a group that the system belongs to + Can be used when matching similar system in that same group + + -outfile + default: $AUDIT_CONTENT_DIR\audit_$host_os_hostname_$host_epoch.json + Ability to set an outfile to send the full audit output to + Requires path to be set. + e.g. c:/windows_audit_reports + + + This cmdlet supports the common parameters: Verbose, Debug, + ErrorAction, ErrorVariable, WarningAction, WarningVariable, + OutBuffer, PipelineVariable, and OutVariable. For more information, see + about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216). 
+
+ -------------------------- EXAMPLE 1 --------------------------
+
+ PS C:\>./run_audit.ps1
+
+ ./run_audit.ps1 -auditbin c:\path_to\binary.name
+ ./run_audit.ps1 -auditdir c:\somepath_for _audit_content
+ ./run_audit.ps1 -varsfile myvars.yml
+ ./run_audit.ps1 -outfile path\to\audit\output.json
+ ./run_audit.ps1 -group webserver
 ```
 script itself
diff --git a/run_audit.sh b/run_audit.sh
index 9e8e4e1..2198226 100755
--- a/run_audit.sh
+++ b/run_audit.sh
@@ -7,6 +7,8 @@
 # - Ability to run as script from remediation role increased consistency
 # 17 Dec 2021 - Added system_type variable - default Server will change to workstations with -w switch
 # 02 Mar 2022 - Updated benchmark variable naming
+# 06 Apr 2022 - Added format option in output inline with goss options e.g. json documentation this is for fault finding
+# 03 May 2022 - update for audit variables improvement added by @pavloos - https://github.com/ansible-lockdown/RHEL8-CIS-Audit/pull/29
 #!/bin/bash
@@ -16,25 +18,25 @@
 # lower case variables are discovered or built from other variables
 # Goss host Variables
-AUDIT_BIN=/usr/local/bin/goss # location of the goss executable
-AUDIT_FILE=goss.yml # the default goss file used by the audit provided by the audit configuration
-AUDIT_CONTENT_LOCATION=/var/tmp # Location of the audit configuration file as available to the OS
+AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable
+AUDIT_FILE="${AUDIT_FILE:-goss.yml}" # the default goss file used by the audit provided by the audit configuration
+AUDIT_CONTENT_LOCATION="${AUDIT_CONTENT_LOCATION:-/var/tmp}" # Location of the audit configuration file as available to the OS
 # Goss benchmark variables (these should not need changing unless new release)
 BENCHMARK=STIG # Benchmark Name aligns to the audit
-BENCHMARK_VER=1.5
+BENCHMARK_VER=V1R6
 BENCHMARK_OS=RHEL8
-
 # help output
 Help()
 {
 # Display Help
 echo "Script to run the goss audit"
 echo
- echo "Syntax: $0 [-g|-o|-v|-w|-h]"
+ echo "Syntax: $0 [-f|-g|-o|-v|-w|-h]"
 echo "options:"
+ echo "-f optional - change the format output (default value = json)"
 echo "-g optional - Add a group that the server should be grouped with (default value = ungrouped)"
 echo "-o optional - file to output audit data"
 echo "-v optional - relative path to thevars file to load (default e.g. $AUDIT_CONTENT_LOCATION/RHEL7-$BENCHMARK/vars/$BENCHMARK.yml)"
@@ -48,8 +50,9 @@ Help()
 host_system_type=Server
 ## option statement
-while getopts g:o:v::wh option; do
+while getopts f:g:o:v::wh option; do
 case "${option}" in
+ f ) FORMAT=${OPTARG} ;;
 g ) GROUP=${OPTARG} ;;
 o ) OUTFILE=${OPTARG} ;;
 v ) VARS_PATH=${OPTARG} ;;
@@ -72,10 +75,8 @@ if [ $(/usr/bin/id -u) -ne 0 ]; then
 exit 1
 fi
-
 #### Main Script
-
 # Discover OS version aligning with audit
 # Define os_vendor variable
 if [ `grep -c rhel /etc/os-release` != 0 ]; then
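Review bot: `AUDIT_BIN`, `AUDIT_FILE` and `AUDIT_CONTENT_LOCATION` are now taken from the caller's environment, and `$AUDIT_BIN` is later executed by a script that insists on running as root (the `id -u` test in the hunk at @@ -72) without any check that the value names an executable file, so an unexpected value in the invoking environment either runs a different program with full privilege or fails late with an unhelpful goss error. Add a guard directly after the three new assignments, e.g. `[ -x "$AUDIT_BIN" ] || { echo "AUDIT_BIN ($AUDIT_BIN) is not an executable file" >&2; exit 1; }` and `[ -d "$AUDIT_CONTENT_LOCATION" ] || { echo "AUDIT_CONTENT_LOCATION ($AUDIT_CONTENT_LOCATION) does not exist" >&2; exit 1; }`. The inline comments on those lines should also state that the values are environment-overridable (this is what the role's `audit_run_script_environment` in the docs hunk relies on) and that `sudo` typically resets the environment, so the override only reaches the script when it is invoked with those variables preserved.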
@@ -89,6 +90,13 @@ audit_content_version=$os_vendor$os_maj_ver-$BENCHMARK-Audit
 audit_content_dir=$AUDIT_CONTENT_LOCATION/$audit_content_version
 audit_vars=vars/${BENCHMARK}.yml
+# Set variable for format output
+if [ -z $FORMAT ]; then
+ export format="json"
+else
+ export format=$FORMAT
+fi
+
 # Set variable for autogroup
 if [ -z $GROUP ]; then
 export auto_group="ungrouped"
@@ -121,7 +129,7 @@ host_os_hostname=`hostname`
 ## Set variable audit_out
 if [ -z $OUTFILE ]; then
- export audit_out=$AUDIT_CONTENT_LOCATION/audit_${host_os_hostname}_${host_epoch}.json
+ export audit_out=$AUDIT_CONTENT_LOCATION/audit_${host_os_hostname}_${host_epoch}.$format
 else
 export audit_out=$OUTFILE
 fi
@@ -165,7 +173,7 @@ echo "#############"
 echo "Audit Started"
 echo "#############"
 echo
-$AUDIT_BIN -g $audit_content_dir/$AUDIT_FILE --vars $varfile_path --vars-inline $audit_json_vars v -f json -o pretty > $audit_out
+$AUDIT_BIN -g $audit_content_dir/$AUDIT_FILE --vars $varfile_path --vars-inline $audit_json_vars v -f $format -o pretty > $audit_out
 # create screen output
 if [ `grep -c $BENCHMARK $audit_out` != 0 ]; then
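Review bot: The value given to `-f` is exported as `format` without being checked against the output formats goss accepts, and it is then spliced unquoted into both the output filename (`.$format` in the hunk at @@ -121) and the goss command line (`-f $format` in the hunk at @@ -165), so a typo or a value containing whitespace is only discovered after "Audit Started" has been printed, likely leaving an empty file named after the bad value; `[ -z $FORMAT ]` itself also breaks on such a value because of the missing quotes. Replace the new `if/else` with a `case` that whitelists the known goss formats and fails early, and quote `"$format"` at the two later uses. Since the screen-output step that follows (`grep -c $BENCHMARK $audit_out`) presumably only makes sense for JSON output, a comment above it saying which formats the summary is meaningful for would help the next person using `-f documentation`.
```sh
# … unchanged: audit_content_dir / audit_vars assignments …
# Set variable for format output; must be a format goss understands, and it
# also becomes the output file suffix, so reject anything else up front
case "${FORMAT:-json}" in
  json|documentation|junit|nagios|rspecish|tap|silent) export format="${FORMAT:-json}" ;;
  *) echo "Unknown output format: $FORMAT" >&2; exit 1 ;;
esac
```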