Update 4.1.3.19 CIS requirement for RHEL8 and RHEL9 #10491
This datastream diff is auto generated by the check.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
@@ -413,7 +413,7 @@
RHEL-08-030360
[reference]:
-4.1.15
+4.1.3.19
[reference]:
SV-230438r810464_rule
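Review bot: The -4.1.15 / +4.1.3.19 swap sits under a bare [reference]: label, so this rendered hunk does not show which product's CIS key was renumbered. Please confirm in the rule.yml that only the RHEL 8 and RHEL 9 keys changed and that no other product still mapped to 4.1.15 loses its reference.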
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
@@ -78,6 +78,9 @@
RHEL-08-030580
[reference]:
+4.1.3.19
+
+[reference]:
SV-230465r627750_rule
[rationale]: |
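Review bot: The added 4.1.3.19 reference on audit_rules_privileged_commands_kmod is the same CIS ID the finit rule now carries, so one benchmark item maps to several rules. Please confirm that the RHEL 8 and RHEL 9 CIS profiles select every rule tagged 4.1.3.19; otherwise the reference ends up on a rule the profile never evaluates.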
957b1de to 8d8262c
Hello, thank you for the changes. PR looks good, just two minor issues. Please check my comments.
references:
    cis@alinux3: 4.1.3.26
    cis@rhel7: 4.1.16
I am confused about this line... you are adding the reference, but the rule is not added to the respective profile. Also upon inspection of the latest CIS benchmark for RHEL 7, I can't find mention of this syscall.
Correct. It was included by mistake there. The changes in this commit are only for RHEL 8 and RHEL 9. I will amend the respective commit to avoid confusion.
...configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
Enabled the audit_rules_kernel_module_loading_create rule for RHEL8 and RHEL9.
Include a rule required by CIS for RHEL8 and RHEL9. It satisfies the 4.1.3.19 requirement, which asks to collect logs about kernel module loading, unloading and modification.
This requirement is now complete and better aligned to the CIS Benchmark for RHEL8 and RHEL9.
This rule was based on another rule and during the description modification, one line was missed making the sentence incomplete. The beginning of the sentence has been corrected.
8d8262c to 12305ec
Code Climate has analyzed commit 12305ec and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.4% (0.0% change).
Looks good now. Thank you.
Description:
Include a rule required by CIS for RHEL8 and RHEL9.
It satisfies the 4.1.3.19 requirement, which asks to collect logs about kernel module loading, unloading and modification.

Rationale:
Better CIS coverage for RHEL