Add modified audit suid privilege function rule for CIS #10729
Conversation
|
Hi @Mackemania. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
Mackemania
force-pushed
the
cis_rhel8_rhel9_audit_suid
branch
2 times, most recently
from
a6e4d80 to
38076ee
Compare
|
This datastream diff is auto generated by the check Click here to see the full diffNew content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function'.
--- xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
+++ xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
@@ -91,9 +91,6 @@
RHEL-08-030000
[reference]:
-4.1.3.2
-
-[reference]:
SV-230386r854037_rule
[rationale]: |
Mackemania
force-pushed
the
cis_rhel8_rhel9_audit_suid
branch
from
38076ee to
f00213a
Compare
|
Could you provide more details about the differences between STIG and CIS regarding the |
STIG definition: CIS definition STIG has focused on both uid and gid while CIS only cares about the uid. The reason why the CIS Workbench fails the analysis is the missing |
Mackemania
force-pushed
the
cis_rhel8_rhel9_audit_suid
branch
4 times, most recently
from
89c1fbc to
2064493
Compare
Add a new rule to accommodate the differences between STIG and CIS regarding execve audit in RHEL8 and RHEL9. When analyzing a RHEL8 or RHEL9 server with the CIS Workbench after remidiation it fails the settings of `audit execve` because of a difference between STIG and CIS in recommended settings.
Mackemania
force-pushed
the
cis_rhel8_rhel9_audit_suid
branch
from
2064493 to
fe6384a
Compare
|
@Mackemania: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
jan-cerny
added
New Rule
|
Would it be possible to rerun the checks? |
Thanks for the context. I think this could also be resolved with variables instead of a new rule. Please, consider the introduction of a variable for this rule or renaming the new rule. |
Thank you! I will change the name, we tried introducing variables, but since the benchmark isn't available when compiling the Jinja macros for the remidiations and documentation it became impossible. |
Mackemania
force-pushed
the
cis_rhel8_rhel9_audit_suid
branch
from
d5c8be2 to
4651877
Compare
...ting/auditd_configure_rules/audit_rules_suid_auid_privilege_function/tests/use_f_key.pass.sh
Outdated
Show resolved
Hide resolved
Co-authored-by: Jan Černý <jcerny@redhat.com>
|
The fail on Fedora Rawhide is caused by OpenSCAP/openscap#1995 and isn't related to the contents of this PR. |
|
Code Climate has analyzed commit 85f0389 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.8% (0.0% change). View more on Code Climate. |
|
/packit test |
Description:
Add a new rule to accommodate the differences between STIG and CIS regarding execve audit in RHEL8 and RHEL9.
When analyzing a RHEL8 or RHEL9 server with the CIS Workbench after remidiation it fails the settings of
audit execvebecause of a difference between STIG and CIS in recommended settings.Review Hints:
The new rule is a modified copy of the rule
audit_rules_suid_privilege_function.