diff --git a/controls/cis_rhel7.yml b/controls/cis_rhel7.yml
index 728ff3a1887..a31eb57c0bc 100644
--- a/controls/cis_rhel7.yml
+++ b/controls/cis_rhel7.yml
@@ -1472,216 +1472,6 @@ controls:
related_rules:
- service_ip6tables_enabled
- - id: 4.1.1.1
- title: Ensure auditd is installed (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - package_audit_installed
- - package_audit-libs_installed
-
- - id: 4.1.1.2
- title: Ensure auditd service is enabled and running (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - service_auditd_enabled
-
- - id: 4.1.1.3
- title: Ensure auditing for processes that start prior to auditd is enabled (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - grub2_audit_argument
-
- - id: 4.1.2.1
- title: Ensure audit log storage size is configured (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - auditd_data_retention_max_log_file
- - var_auditd_max_log_file=6
-
- - id: 4.1.2.2
- title: Ensure audit logs are not automatically deleted (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - auditd_data_retention_max_log_file_action
- - var_auditd_max_log_file_action=keep_logs
-
- - id: 4.1.2.3
- title: Ensure system is disabled when audit logs are full (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - auditd_data_retention_space_left_action
- - var_auditd_space_left_action=email
- - auditd_data_retention_action_mail_acct
- - var_auditd_action_mail_acct=root
- - auditd_data_retention_admin_space_left_action
- - var_auditd_admin_space_left_action=halt
-
- - id: 4.1.2.4
- title: Ensure audit_backlog_limit is sufficient (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- notes: <-
- Note that currently the value is hardcoded to 8192
- rules:
- - grub2_audit_backlog_limit_argument
-
- - id: 4.1.3
- title: Ensure events that modify date and time information are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_time_adjtimex
- - audit_rules_time_settimeofday
- - audit_rules_time_clock_settime
- - audit_rules_time_stime
- - audit_rules_time_watch_localtime
-
- - id: 4.1.4
- title: Ensure events that modify user/group information are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_usergroup_modification_group
- - audit_rules_usergroup_modification_gshadow
- - audit_rules_usergroup_modification_opasswd
- - audit_rules_usergroup_modification_passwd
- - audit_rules_usergroup_modification_shadow
-
- - id: 4.1.5
- title: Ensure events that modify the system's network environment are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_networkconfig_modification
-
- - id: 4.1.6
- title: Ensure events that modify the system's Mandatory Access Controls are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_mac_modification
- - audit_rules_mac_modification_usr_share
-
- - id: 4.1.7
- title: Ensure login and logout events are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_login_events_faillock
- - audit_rules_login_events_lastlog
-
- - id: 4.1.8
- title: Ensure session initiation information is collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_session_events
-
- - id: 4.1.9
- title: Ensure discretionary access control permission modification events are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_dac_modification_fchmod
- - audit_rules_dac_modification_fchmodat
- - audit_rules_dac_modification_chmod
- - audit_rules_dac_modification_fchown
- - audit_rules_dac_modification_fchownat
- - audit_rules_dac_modification_chown
- - audit_rules_dac_modification_lchown
- - audit_rules_dac_modification_fremovexattr
- - audit_rules_dac_modification_fsetxattr
- - audit_rules_dac_modification_lremovexattr
- - audit_rules_dac_modification_lsetxattr
- - audit_rules_dac_modification_removexattr
- - audit_rules_dac_modification_setxattr
-
- - id: 4.1.10
- title: Ensure unsuccessful unauthorized file access attempts are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_unsuccessful_file_modification_creat
- - audit_rules_unsuccessful_file_modification_open
- - audit_rules_unsuccessful_file_modification_openat
- - audit_rules_unsuccessful_file_modification_truncate
- - audit_rules_unsuccessful_file_modification_ftruncate
-
- - id: 4.1.11
- title: Ensure use of privileged commands is collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_privileged_commands
-
- - id: 4.1.12
- title: Ensure successful file system mounts are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_media_export
-
- - id: 4.1.13
- title: Ensure file deletion events by users are collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_file_deletion_events_rename
- - audit_rules_file_deletion_events_renameat
- - audit_rules_file_deletion_events_unlink
- - audit_rules_file_deletion_events_unlinkat
-
- - id: 4.1.14
- title: Ensure changes to system administration scope (sudoers) is collected (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_sysadmin_actions
-
- id: 4.1.15
title: Ensure system administrator command executions (sudo) are collected (Automated)
levels:
@@ -1701,17 +1491,6 @@ controls:
- audit_rules_privileged_commands_insmod
- audit_rules_privileged_commands_rmmod
- audit_rules_privileged_commands_modprobe
- - audit_rules_kernel_module_loading_delete
- - audit_rules_kernel_module_loading_init
-
- - id: 4.1.17
- title: Ensure the audit configuration is immutable (Automated)
- levels:
- - l2_server
- - l2_workstation
- status: automated
- rules:
- - audit_rules_immutable
- id: 4.2.1
title: Ensure permissions on /etc/ssh/sshd_config are configured (Automated)
@@ -1938,7 +1717,7 @@ controls:
- sshd_set_max_sessions
- var_sshd_max_sessions=10
- - id: 4.2.1.1
+ - id: 5.1.1.1
title: Ensure rsyslog is installed (Automated)
levels:
- l1_server
@@ -1947,17 +1726,26 @@ controls:
rules:
- package_rsyslog_installed
- - id: 4.2.1.2
- title: Ensure rsyslog Service is enabled and running (Automated)
+ - id: 5.1.1.2
+ title: Ensure rsyslog service is enabled (Manual)
levels:
- l1_server
- l1_workstation
- status: automated
- rules:
+ status: manual
+ related_rules:
- service_rsyslog_enabled
- - id: 4.2.1.3
- title: Ensure rsyslog default file permissions configured (Automated)
+ - id: 5.1.1.3
+ title: Ensure journald is configured to send logs to rsyslog (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - journald_forward_to_syslog
+
+ - id: 5.1.1.4
+ title: Ensure rsyslog default file permissions are configured (Automated)
levels:
- l1_server
- l1_workstation
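Review bot: A scan built from these controls will presumably stop checking that rsyslog is enabled, because 5.1.1.2 is now `status: manual` and `service_rsyslog_enabled` sits under `related_rules:` instead of `rules:`. The same applies to `journald_forward_to_syslog` in 5.1.1.3 in this hunk and to `rsyslog_remote_loghost` in 5.1.1.6 in the next hunk, so remote log forwarding also drops out of automated coverage. If this follows the benchmark's "(Manual)" marking, I would record the reason on each control so it is not mistaken for a regression, for example `notes: Manual in the benchmark; the rule is kept in related_rules and is not selected by the profile.` Anyone relying on the old automated checks would then know to select these rules themselves.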
@@ -1965,39 +1753,73 @@ controls:
rules:
- rsyslog_filecreatemode
- - id: 4.2.1.4
+ - id: 5.1.1.5
title: Ensure logging is configured (Manual)
levels:
- l1_server
- l1_workstation
status: manual
- - id: 4.2.1.5
- title: Ensure rsyslog is configured to send logs to a remote log host (Automated)
+ - id: 5.1.1.6
+ title: Ensure rsyslog is configured to send logs to a remote log host (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - rsyslog_remote_loghost
+
+ - id: 5.1.1.7
+ title: Ensure rsyslog is not configured to receive logs from a remote client (Automated)
levels:
- l1_server
- l1_workstation
status: automated
rules:
- - rsyslog_remote_loghost
+ - rsyslog_nolisten
- - id: 4.2.1.6
- title: Ensure remote rsyslog messages are only accepted on designated log hosts. (Manual)
+ - id: 5.1.2.1.1
+ title: Ensure systemd-journal-remote is installed (Manual)
levels:
- l1_server
- l1_workstation
status: manual
+ related_rules:
+ - package_systemd-journal-remote_installed
- - id: 4.2.2.1
- title: Ensure journald is configured to send logs to rsyslog (Automated)
+ - id: 5.1.2.1.2
+ title: Ensure systemd-journal-remote is configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+
+ - id: 5.1.2.1.3
+ title: Ensure systemd-journal-remote is enabled (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+
+ - id: 5.1.2.1.4
+ title: Ensure journald is not configured to receive logs from a remote client (Automated)
levels:
- l1_server
- l1_workstation
status: automated
rules:
- - journald_forward_to_syslog
+ - socket_systemd-journal-remote_disabled
+
+ - id: 5.1.2.2
+ title: Ensure journald service is enabled (Automated)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_systemd-journald_enabled
- - id: 4.2.2.2
+ - id: 5.1.2.3
title: Ensure journald is configured to compress large log files (Automated)
levels:
- l1_server
@@ -2006,7 +1828,7 @@ controls:
rules:
- journald_compress
- - id: 4.2.2.3
+ - id: 5.1.2.4
title: Ensure journald is configured to write logfiles to persistent disk (Automated)
levels:
- l1_server
@@ -2015,16 +1837,21 @@ controls:
rules:
- journald_storage
- - id: 4.2.3
- title: Ensure permissions on all logfiles are configured (Manual)
+ - id: 5.1.2.5
+ title: Ensure journald is not configured to send logs to rsyslog (Manual)
levels:
- l1_server
- l1_workstation
status: manual
- rules:
- - rsyslog_files_permissions
- - id: 4.2.4
+ - id: 5.1.2.6
+ title: Ensure journald log rotation is configured per site policy (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+
+ - id: 5.1.3
title: Ensure logrotate is configured (Manual)
levels:
- l1_server
@@ -2035,340 +1862,432 @@ controls:
- package_logrotate_installed
- timer_logrotate_enabled
- - id: 5.1.1
- title: Ensure cron daemon is enabled and running (Automated)
+ - id: 5.1.4
+ title: Ensure all logfiles have appropriate access configured (Automated)
levels:
- l1_server
- l1_workstation
status: automated
rules:
- - service_crond_enabled
+ - rsyslog_files_permissions
+ - rsyslog_files_ownership
+ - rsyslog_files_groupownership
- - id: 5.1.2
- title: Ensure permissions on /etc/crontab are configured (Automated)
+ - id: 5.2.1.1
+ title: Ensure auditd is installed (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_crontab
- - file_owner_crontab
- - file_permissions_crontab
+ - package_audit_installed
+ - package_audit-libs_installed
- - id: 5.1.3
- title: Ensure permissions on /etc/cron.hourly are configured (Automated)
+ - id: 5.2.1.2
+ title: Ensure auditing for processes that start prior to auditd is enabled (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_cron_hourly
- - file_owner_cron_hourly
- - file_permissions_cron_hourly
+ - grub2_audit_argument
- - id: 5.1.4
- title: Ensure permissions on /etc/cron.daily are configured (Automated)
+ - id: 5.2.1.3
+ title: Ensure audit_backlog_limit is sufficient (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
+ notes: <-
+ Note that currently the value is hardcoded to 8192
rules:
- - file_groupowner_cron_daily
- - file_owner_cron_daily
- - file_permissions_cron_daily
+ - grub2_audit_backlog_limit_argument
- - id: 5.1.5
- title: Ensure permissions on /etc/cron.weekly are configured (Automated)
+ - id: 5.2.1.4
+ title: Ensure auditd service is enabled (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_cron_weekly
- - file_owner_cron_weekly
- - file_permissions_cron_weekly
+ - service_auditd_enabled
- - id: 5.1.6
- title: Ensure permissions on /etc/cron.monthly are configured (Automated)
+ - id: 5.2.2.1
+ title: Ensure audit log storage size is configured (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_cron_monthly
- - file_owner_cron_monthly
- - file_permissions_cron_monthly
+ - auditd_data_retention_max_log_file
+ - var_auditd_max_log_file=6
- - id: 5.1.7
- title: Ensure permissions on /etc/cron.d are configured (Automated)
+ - id: 5.2.2.2
+ title: Ensure audit logs are not automatically deleted (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_cron_d
- - file_owner_cron_d
- - file_permissions_cron_d
+ - auditd_data_retention_max_log_file_action
+ - var_auditd_max_log_file_action=keep_logs
- - id: 5.1.8
- title: Ensure cron is restricted to authorized users (Automated)
+ - id: 5.2.2.3
+ title: Ensure system is disabled when audit logs are full (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_cron_allow
- - file_cron_allow_exists
- - file_owner_cron_allow
- - file_cron_deny_not_exist
- - file_permissions_cron_allow
+ - auditd_data_disk_full_action
+ - var_auditd_disk_full_action=cis_rhel7
+ - auditd_data_disk_error_action
+ - var_auditd_disk_error_action=cis_rhel7
- - id: 5.1.9
- title: Ensure at is restricted to authorized users (Automated)
+ - id: 5.2.2.4
+ title: Ensure system warns when audit logs are low on space (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - file_groupowner_at_allow
- - file_owner_at_allow
- - file_at_deny_not_exist
- - file_permissions_at_allow
+ - auditd_data_retention_space_left_action
+ - var_auditd_space_left_action=cis_rhel7
+ - auditd_data_retention_action_mail_acct
+ - var_auditd_action_mail_acct=root
+ - auditd_data_retention_admin_space_left_action
+ - var_auditd_admin_space_left_action=halt
- - id: 5.2.1
- title: Ensure sudo is installed (Automated)
+ - id: 5.2.3.1
+ title: Ensure changes to system administration scope (sudoers) is collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - package_sudo_installed
+ - audit_rules_sysadmin_actions
- - id: 5.2.2
- title: Ensure sudo commands use pty (Automated)
+ - id: 5.2.3.2
+ title: Ensure actions as another user are always logged (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - sudo_add_use_pty
+ - audit_rules_suid_auid_privilege_function
- - id: 5.2.3
- title: Ensure sudo log file exists (Automated)
+ - id: 5.2.3.3
+ title: Ensure events that modify the sudo log file are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - sudo_custom_logfile
- - var_sudo_logfile=var_log_sudo_log
+ - audit_sudo_log_events
- - id: 5.3.1
- title: Ensure AIDE is installed (Automated)
+ - id: 5.2.3.4
+ title: Ensure events that modify date and time information are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - package_aide_installed
- - aide_build_database
+ - audit_rules_time_adjtimex
+ - audit_rules_time_settimeofday
+ - audit_rules_time_clock_settime
+ - audit_rules_time_stime
+ - audit_rules_time_watch_localtime
- - id: 5.3.2
- title: Ensure filesystem integrity is regularly checked (Automated)
+ - id: 5.2.3.5
+ title: Ensure events that modify the system's network environment are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
+ status: partial
+ rules:
+ # TODO: we need to create a rule that adds audit rule for /etc/sysconfig/network-scripts/ directory as well
+ - audit_rules_networkconfig_modification
+
+ - id: 5.2.3.6
+ title: Ensure use of privileged commands are collected (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - aide_periodic_cron_checking
+ - audit_rules_privileged_commands
- - id: 5.4.1
- title: Ensure password creation requirements are configured (Automated)
+ - id: 5.2.3.7
+ title: Ensure unsuccessful file access attempts are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
- notes: <-
- The Benchmark mentions that the try_first_pass option should be included in pam_pwquality.so
- module. However, the pam_pwquality.so module, by default, is always the first module from in
- the PAM password stack. Therefore, the option is useless and not necessary. It was already
- proposed to update the requirement in the next CIS version.
- There are two ways how to check this control.
- One way is to check for minclass, this is currently selected.
- Another way is to check for dcredit, lcredit,ocredit, ucredit, this is shown in rleated_rules.
- related_rules:
- - accounts_password_pam_dcredit
- - var_password_pam_dcredit=1
- - accounts_password_pam_ucredit
- - var_password_pam_ucredit=1
- - accounts_password_pam_lcredit
- - var_password_pam_lcredit=1
- - accounts_password_pam_ocredit
- - var_password_pam_ocredit=1
rules:
- - accounts_password_pam_minlen
- - var_password_pam_minlen=14
- - accounts_password_pam_minclass
- - var_password_pam_minclass=4
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_unsuccessful_file_modification_ftruncate
- - id: 5.4.2
- title: Ensure lockout for failed password attempts is configured (Automated)
+ - id: 5.2.3.8
+ title: Ensure events that modify user/group information are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_passwords_pam_faillock_deny
- - var_accounts_passwords_pam_faillock_deny=5
- - accounts_passwords_pam_faillock_unlock_time
- - var_accounts_passwords_pam_faillock_unlock_time=900
+ - audit_rules_usergroup_modification_group
+ - audit_rules_usergroup_modification_gshadow
+ - audit_rules_usergroup_modification_opasswd
+ - audit_rules_usergroup_modification_passwd
+ - audit_rules_usergroup_modification_shadow
- - id: 5.4.3
- title: Ensure password hashing algorithm is SHA-512 (Automated)
+ - id: 5.2.3.9
+ title: Ensure discretionary access control permission modification events are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+
+ - id: 5.2.3.10
+ title: Ensure successful file system mounts are collected (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - set_password_hashing_algorithm_systemauth
- - set_password_hashing_algorithm_passwordauth
- - set_password_hashing_algorithm_logindefs
- - var_password_hashing_algorithm=SHA512
+ - audit_rules_media_export
- - id: 5.4.4
- title: Ensure password reuse is limited (Automated)
+ - id: 5.2.3.11
+ title: Ensure session initiation information is collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
- notes: |-
- Usage of pam_unix.so module together with "remember" option is deprecated and is not supported by this policy interpretation.
- See here for more details about pam_unix.so:
- https://bugzilla.redhat.com/show_bug.cgi?id=1778929
rules:
- - var_password_pam_remember=5
- - var_password_pam_remember_control_flag=requisite
- - accounts_password_pam_pwhistory_remember_system_auth
- - accounts_password_pam_pwhistory_remember_password_auth
+ - audit_rules_session_events
- - id: 5.5.1.1
- title: Ensure password expiration is 365 days or less (Automated)
+ - id: 5.2.3.12
+ title: Ensure login and logout events are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_maximum_age_login_defs
- - var_accounts_maximum_age_login_defs=365
- - accounts_password_set_max_life_existing
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
- - id: 5.5.1.2
- title: Ensure minimum days between password changes is configured (Automated)
+ - id: 5.2.3.13
+ title: Ensure file deletion events by users are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_minimum_age_login_defs
- - var_accounts_minimum_age_login_defs=1
- - accounts_password_set_min_life_existing
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_file_deletion_events_unlinkat
- - id: 5.5.1.3
- title: Ensure password expiration warning days is 7 or more (Automated)
+ - id: 5.2.3.14
+ title: Ensure events that modify the system's Mandatory Access Controls are collected (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_password_warn_age_login_defs
- - var_accounts_password_warn_age_login_defs=7
- - accounts_password_set_warn_age_existing
+ - audit_rules_mac_modification
+ - audit_rules_mac_modification_usr_share
- - id: 5.5.1.4
- title: Ensure inactive password lock is 30 days or less (Automated)
+ - id: 5.2.3.15
+ title: Ensure successful and unsuccessful attempts to use the chcon command are recorded (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - account_disable_post_pw_expiration
- - var_account_disable_post_pw_expiration=30
- - accounts_set_post_pw_existing
+ - audit_rules_execution_chcon
- - id: 5.5.1.5
- title: Ensure all users last password change date is in the past (Automated)
+ - id: 5.2.3.16
+ title: Ensure successful and unsuccessful attempts to use the setfacl command are recorded (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_password_last_change_is_in_past
+ - audit_rules_execution_setfacl
- - id: 5.5.2
- title: Ensure system accounts are secured (Automated)
+ - id: 5.2.3.17
+ title: Ensure successful and unsuccessful attempts to use the chacl command are recorded (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - no_password_auth_for_systemaccounts
- - no_shelllogin_for_systemaccounts
+ - audit_rules_execution_chacl
- - id: 5.5.3
- title: Ensure default group for the root account is GID 0 (Automated)
+ - id: 5.2.3.18
+ title: Ensure successful and unsuccessful attempts to use the usermod command are recorded (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_root_gid_zero
+ - audit_rules_privileged_commands_usermod
- - id: 5.5.4
- title: Ensure default user shell timeout is configured (Automated)
+ - id: 5.2.3.19
+ title: Ensure kernel module loading, unloading and modification is collected (Automated)
levels:
- - l1_server
- - l1_workstation
- status: partial
- notes: |-
- The OVAL properly checks the variable but not if it is exported and readonly.
- The Bash remediation ensures it is exported and readonly. OVAL and Ansible remediation
- need to be incremented for CIS.
+ - l2_server
+ - l2_workstation
+ status: automated
rules:
- - accounts_tmout
- - var_accounts_tmout=15_min
+ - audit_rules_kernel_module_loading_create
+ - audit_rules_kernel_module_loading_delete
+ - audit_rules_kernel_module_loading_finit
+ - audit_rules_kernel_module_loading_init
+ - audit_rules_kernel_module_loading_query
+ - audit_rules_privileged_commands_kmod
- - id: 5.5.5
- title: Ensure default user umask is configured (Automated)
+ - id: 5.2.3.20
+ title: Ensure the audit configuration is immutable (Automated)
levels:
- - l1_server
- - l1_workstation
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_immutable
+
+ - id: 5.2.3.21
+ title: Ensure the running and on disk configuration is the same (Manual)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: manual
+
+ - id: 5.2.4.1
+ title: Ensure the audit log directory is 0750 or more restrictive (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
status: automated
rules:
- - accounts_umask_etc_bashrc
- - accounts_umask_etc_login_defs
- - accounts_umask_etc_profile
- - var_accounts_user_umask=027
+ - directory_permissions_var_log_audit
- - id: 5.6
- title: Ensure root login is restricted to system console (Manual)
+ - id: 5.2.4.2
+ title: Ensure audit log files are mode 0640 or less permissive (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_permissions_var_log_audit
+
+ - id: 5.2.4.3
+ title: Ensure only authorized users own audit log files (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_ownership_var_log_audit_stig
+
+ - id: 5.2.4.4
+ title: Ensure only authorized groups are assigned ownership of audit log files (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_group_ownership_var_log_audit
+
+ - id: 5.2.4.5
+ title: Ensure audit configuration files are 640 or more restrictive (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_permissions_audit_configuration
+
+ - id: 5.2.4.6
+ title: Ensure audit configuration files are owned by root (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_ownership_audit_configuration
+
+ - id: 5.2.4.7
+ title: Ensure audit configuration files belong to group root (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_groupownership_audit_configuration
+
+ - id: 5.2.4.8
+ title: Ensure audit tools are 755 or more restrictive (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_permissions_audit_binaries
+
+ - id: 5.2.4.9
+ title: Ensure audit tools are owned by root (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_ownership_audit_binaries
+
+ - id: 5.2.4.10
+ title: Ensure audit tools belong to group root (Automated)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - file_groupownership_audit_binaries
+
+ - id: 5.3.1
+ title: Ensure AIDE is installed (Automated)
levels:
- l1_server
- l1_workstation
- status: manual
+ status: automated
+ rules:
+ - package_aide_installed
+ - aide_build_database
- - id: 5.7
- title: Ensure access to the su command is restricted (Automated)
+ - id: 5.3.2
+ title: Ensure filesystem integrity is regularly checked (Automated)
levels:
- l1_server
- l1_workstation
status: automated
- notes: |-
- Members of "wheel" or GID 0 groups are checked by default if the group option is not set for
- pam_wheel.so module. The recommendation states the group should be empty to reinforce the
- use of "sudo" for privileged access. Therefore, members of these groups should be manually
- checked or a different group should be informed.
rules:
- - use_pam_wheel_for_su
+ - aide_periodic_cron_checking
- id: 6.1.1
title: Ensure world writable files and directories are secured (Automated)
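Review bot: The `notes: <-` line on the new 5.2.1.3 control is not a block-scalar header, so a YAML parser would read `<-` as the start of a plain scalar and the note would come out as `<- Note that currently the value is hardcoded to 8192`. It was carried over unchanged from the removed 4.1.2.4 entry and should be `notes: >-`. In 5.2.3.5 the reason for `status: partial` lives only in a `# TODO` comment, which a YAML loader discards; moving that sentence into a `notes:` field would keep it with the control. Separately, the first two hunks leave `id: 4.1.15` and the control listing `audit_rules_privileged_commands_insmod` under their old numbers, while every other audit control moves to 5.2.x. If those two were meant to be superseded by 5.2.3.2 and 5.2.3.19, they look stale and would still select rules at the l2 levels.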
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
index 59ebe054860..8e1ed213842 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
@@ -18,7 +18,7 @@ identifiers:
cce@rhel9: CCE-86136-9
references:
- cis@rhel7: 5.3.3
+ cis@rhel7: 4.2.3
cis@rhel8: 5.2.3
cis@rhel9: 5.2.3
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
index 3bcf05ded44..7e30984d896 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
@@ -18,7 +18,7 @@ identifiers:
cce@rhel9: CCE-86130-2
references:
- cis@rhel7: 5.3.3
+ cis@rhel7: 4.2.3
cis@rhel8: 5.2.3
cis@rhel9: 5.2.3
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index c26d859dd87..d90b7eb3d44 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -21,7 +21,7 @@ references:
cis-csc: 12,13,14,15,16,18,3,5
cis@alinux2: 5.2.4
cis@alinux3: 5.2.4
- cis@rhel7: 5.3.3
+ cis@rhel7: 4.2.3
cis@rhel8: 5.2.3
cis@rhel9: 5.2.3
cis@sle12: 5.2.3
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
index 5cc359a7bd7..1e2423f83ef 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
@@ -54,7 +54,7 @@ references:
ccn@rhel9: A.11.SEC-RHEL2
cis-csc: 11,12,14,15,16,18,3,5
cis@alinux2: 5.2.18
- cis@rhel7: 5.3.4
+ cis@rhel7: 4.2.4
cis@rhel8: 5.2.4
cis@rhel9: 5.2.4
cis@sle12: 5.2.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index 51cd769f78b..13020dd4194 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -42,7 +42,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index d8a81c21673..7d8abe50869 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -42,7 +42,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index 52b99c6c70a..e2a76c40662 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -39,7 +39,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 3350af4f1e1..33f34fabfc9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -39,7 +39,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 1e619689c76..72393e0a3fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -42,7 +42,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 81935c95c33..9d39ad55362 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -39,7 +39,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 4b0f3d9379b..690d7da45ae 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -56,7 +56,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 3fe9afe92cd..e12cd60e064 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -51,7 +51,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 1d5d06e8291..3cf093a19a7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -42,7 +42,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index cdd80b089cf..2201e122f6c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -56,7 +56,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index 5ea0e08c00b..e41bb6a52ad 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -51,7 +51,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index f5c8a2f8ac6..ae88bc1a070 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -55,7 +55,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 6ea28041469..bc5530589d7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -51,7 +51,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.10
- cis@rhel7: 4.1.9
+ cis@rhel7: 5.2.3.9
cis@rhel8: 4.1.3.9
cis@rhel9: 4.1.3.9
cis@sle12: 4.1.9
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
index 9c0485da0ba..d5a1ae5187c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
title: 'Record Any Attempts to Run chacl'
@@ -27,6 +27,7 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-86256-5
cce@rhel8: CCE-89446-9
cce@rhel9: CCE-87685-4
cce@sle12: CCE-83190-9
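Review bot: The new `cce@rhel7: CCE-86256-5` should be checked for uniqueness, since nothing visible in this hunk shows that it was taken from the project's pool of unassigned CCEs and removed from it. A CCE that ends up on two rules breaks the one-to-one mapping that scan results and compliance reports rely on to identify a finding. The same check applies to `CCE-88102-9`, `CCE-87991-6` and `CCE-86219-3`, added further down in the query_module, usermod and suid_auid_privilege_function rule files. If the pool update is elsewhere in this commit, no change is needed here.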
@@ -34,6 +35,7 @@ identifiers:
references:
cis@alinux3: 4.1.3.19
+ cis@rhel7: 5.2.3.17
cis@rhel8: 4.1.3.17
cis@rhel9: 4.1.3.17
cis@ubuntu2204: 4.1.3.17
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
index 1163c31b57c..a7e39f8093c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
@@ -34,6 +34,7 @@ identifiers:
references:
cis@alinux3: 4.1.3.18
+ cis@rhel7: 5.2.3.16
cis@rhel8: 4.1.3.16
cis@rhel9: 4.1.3.16
cis@ubuntu2204: 4.1.3.16
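Review bot: The `cis@rhel7: 5.2.3.16` reference is added here without any visible change to `prodtype` or a `cce@rhel7` identifier, whereas the sibling chacl rule just above needed all three in this commit. This hunk starts below the `prodtype` and `identifiers` keys, so they may already cover rhel7. If `prodtype` does not list rhel7, the rule would presumably not be built for that product, leaving control 5.2.3.16 with no audit rule for setfacl execution behind it. In that case add `rhel7` to `prodtype` and a `cce@rhel7: CCE-XXXXX-X` line (placeholder, to be assigned). The reference-only additions in the chcon, kernel_module_loading_create and privileged_commands_kmod rule files deserve the same check.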
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index 060152cbc18..740f95e42eb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -45,6 +45,7 @@ identifiers:
references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
cis@alinux3: 4.1.3.15
+ cis@rhel7: 5.2.3.15
cis@rhel8: 4.1.3.15
cis@rhel9: 4.1.3.15
cis@ubuntu2204: 4.1.3.15
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 697554b6395..77be618d0e3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -39,7 +39,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.14
cis@alinux3: 4.1.3.13
- cis@rhel7: 4.1.13
+ cis@rhel7: 5.2.3.13
cis@rhel8: 4.1.3.13
cis@rhel9: 4.1.3.13
cis@sle12: 4.1.13
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index b46e96a4aa6..8b171d6f9a3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -35,7 +35,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.14
- cis@rhel7: 4.1.13
+ cis@rhel7: 5.2.3.13
cis@rhel8: 4.1.3.13
cis@rhel9: 4.1.3.13
cis@sle12: 4.1.13
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index 9edbd132555..2ec1fae6cf8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -38,7 +38,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.14
- cis@rhel7: 4.1.13
+ cis@rhel7: 5.2.3.13
cis@rhel8: 4.1.3.13
cis@rhel9: 4.1.3.13
cis@sle12: 4.1.13
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index 2ddfb0f9e01..0524f269374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -35,7 +35,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.14
- cis@rhel7: 4.1.13
+ cis@rhel7: 5.2.3.13
cis@rhel8: 4.1.3.13
cis@rhel9: 4.1.3.13
cis@sle12: 4.1.13
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index 5d4f9fd42fc..51910506b37 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -48,7 +48,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.11
- cis@rhel7: 4.1.10
+ cis@rhel7: 5.2.3.7
cis@rhel8: 4.1.3.7
cis@rhel9: 4.1.3.7
cis@sle12: 4.1.10
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index c062e894bb9..794e9c5badd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -48,7 +48,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.11
- cis@rhel7: 4.1.10
+ cis@rhel7: 5.2.3.7
cis@rhel8: 4.1.3.7
cis@rhel9: 4.1.3.7
cis@sle12: 4.1.10
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index cf6c0b586ee..e84ba7c602b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -51,7 +51,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.11
- cis@rhel7: 4.1.10
+ cis@rhel7: 5.2.3.7
cis@rhel8: 4.1.3.7
cis@rhel9: 4.1.3.7
cis@sle12: 4.1.10
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index 48248df906f..5f05f851a89 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -48,7 +48,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.11
- cis@rhel7: 4.1.10
+ cis@rhel7: 5.2.3.7
cis@rhel8: 4.1.3.7
cis@rhel9: 4.1.3.7
cis@sle12: 4.1.10
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index 243dc9e6fe9..51287dcc910 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -48,7 +48,7 @@ references:
ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.11
- cis@rhel7: 4.1.10
+ cis@rhel7: 5.2.3.7
cis@rhel8: 4.1.3.7
cis@rhel9: 4.1.3.7
cis@sle12: 4.1.10
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
index a134247c0e5..825900fffd8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
@@ -33,6 +33,7 @@ identifiers:
references:
cis@alinux3: 4.1.3.26
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
disa: CCI-000172
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 3ee33060889..7828f27160a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -40,7 +40,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.17
cis@alinux3: 4.1.3.26
- cis@rhel7: 4.1.16
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
cis@sle12: 4.1.16
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index f34eb590089..322b0e984a1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -42,7 +42,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.17
- cis@rhel7: 4.1.17
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index 9b0ba2ac498..0eff9270f6b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -39,7 +39,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.17
- cis@rhel7: 4.1.16
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
cis@sle12: 4.1.16
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
index 281f0021b34..e44f7849871 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9
+prodtype: rhel7,rhel8,rhel9
title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module'
@@ -27,10 +27,12 @@ platforms:
- not aarch64_arch
identifiers:
+ cce@rhel7: CCE-88102-9
cce@rhel8: CCE-88748-9
cce@rhel9: CCE-88749-7
references:
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 151d58763c8..e8c3385a5ff 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -38,7 +38,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.8
cis@alinux3: 4.1.3.12
- cis@rhel7: 4.1.7
+ cis@rhel7: 5.2.3.12
cis@rhel8: 4.1.3.12
cis@rhel9: 4.1.3.12
cis@sle12: 4.1.7
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 40fe9d08240..5681370a365 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -38,7 +38,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.8
cis@alinux3: 4.1.3.12
- cis@rhel7: 4.1.7
+ cis@rhel7: 5.2.3.12
cis@rhel8: 4.1.3.12
cis@rhel9: 4.1.3.12
cis@sle12: 4.1.7
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
index 19f90f668a1..41aadb8f14c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
@@ -50,7 +50,7 @@ identifiers:
references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
- cis@rhel7: 4.1.11
+ cis@rhel7: 5.2.3.6
cis@rhel8: 4.1.3.6
cis@rhel9: 4.1.3.6
cis@sle12: 4.1.11
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
index c54b25cabca..c1a33eacb70 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
@@ -43,6 +43,7 @@ identifiers:
references:
anssi: BP28(R73)
cis@alinux3: 4.1.3.20
+ cis@rhel7: 5.2.3.19
cis@rhel8: 4.1.3.19
cis@rhel9: 4.1.3.19
disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index 258cdbafbd8..ec000239faa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod'
@@ -31,6 +31,7 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-87991-6
cce@rhel8: CCE-86027-0
cce@rhel9: CCE-87212-7
cce@sle12: CCE-83191-7
@@ -38,6 +39,7 @@ identifiers:
references:
cis@alinux3: 4.1.3.23
+ cis@rhel7: 5.2.3.18
cis@rhel8: 4.1.3.18
cis@rhel9: 4.1.3.18
cis@ubuntu2204: 4.1.3.18
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
index 4f078f2b382..f1ba19744fe 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
@@ -37,7 +37,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
cis@alinux2: 4.1.18
cis@alinux3: 4.1.3.28
- cis@rhel7: 4.1.17
+ cis@rhel7: 5.2.3.20
cis@rhel8: 4.1.3.20
cis@rhel9: 4.1.3.20
cis@sle12: 4.1.17
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
index c32c007d66a..af990bb02bf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
@@ -32,7 +32,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.7
- cis@rhel7: 4.1.6
+ cis@rhel7: 5.2.3.14
cis@rhel8: 4.1.3.14
cis@rhel9: 4.1.3.14
cis@sle12: 4.1.6
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml
index 008644923ec..3a7553652c7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml
@@ -28,7 +28,7 @@ identifiers:
cce@sle15: CCE-92515-6
references:
- cis@rhel7: 4.1.6
+ cis@rhel7: 5.2.3.14
cis@rhel8: 4.1.3.14
cis@rhel9: 4.1.3.14
cis@sle12: 4.1.6
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
index 18d8bc2a441..bebfe2fc82a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -38,7 +38,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.13
cis@alinux3: 4.1.3.10
- cis@rhel7: 4.1.12
+ cis@rhel7: 5.2.3.10
cis@rhel8: 4.1.3.10
cis@rhel9: 4.1.3.10
cis@sle12: 4.1.12
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
index ddb14267995..ee3ff94d466 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
@@ -43,7 +43,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.6
cis@alinux3: 4.1.3.5
- cis@rhel7: 4.1.5
+ cis@rhel7: 5.2.3.5
cis@rhel8: 4.1.3.5
cis@rhel9: 4.1.3.5
cis@sle12: 4.1.5
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
index 10753ad6b9d..460a76a4393 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
@@ -40,7 +40,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.9
cis@alinux3: 4.1.3.11
- cis@rhel7: 4.1.8
+ cis@rhel7: 5.2.3.11
cis@rhel8: 4.1.3.11
cis@rhel9: 4.1.3.11
cis@sle12: 4.1.8
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
index 866445695d3..fbbd6b6d27b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9
+prodtype: rhel7,rhel8,rhel9
title: 'Record Events When Executables Are Run As Another User'
@@ -36,10 +36,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-86219-3
cce@rhel8: CCE-90209-8
cce@rhel9: CCE-86368-8
references:
+ cis@rhel7: 5.2.3.2
cis@rhel8: 4.1.3.2
cis@rhel9: 4.1.3.2
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index e1cd0a23ce1..cd2f039ce85 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -36,7 +36,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.15
cis@alinux3: 4.1.3.1
- cis@rhel7: 4.1.14
+ cis@rhel7: 5.2.3.1
cis@rhel8: 4.1.3.1
cis@rhel9: 4.1.3.1
cis@sle12: 4.1.14
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 6a3c31d2463..3c282dec78d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.5
cis@alinux3: 4.1.3.8
- cis@rhel7: 4.1.4
+ cis@rhel7: 5.2.3.8
cis@rhel8: 4.1.3.8
cis@rhel9: 4.1.3.8
cis@sle12: 4.1.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 94f6e75b840..29b47231124 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.5
cis@alinux3: 4.1.3.8
- cis@rhel7: 4.1.4
+ cis@rhel7: 5.2.3.8
cis@rhel8: 4.1.3.8
cis@rhel9: 4.1.3.8
cis@sle12: 4.1.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index 51b5f0f5418..97dfc42bdad 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.5
cis@alinux3: 4.1.3.8
- cis@rhel7: 4.1.4
+ cis@rhel7: 5.2.3.8
cis@rhel8: 4.1.3.8
cis@rhel9: 4.1.3.8
cis@sle12: 4.1.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index 0f1b393bcb1..af1f903d0a6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.5
cis@alinux3: 4.1.3.8
- cis@rhel7: 4.1.4
+ cis@rhel7: 5.2.3.8
cis@rhel8: 4.1.3.8
cis@rhel9: 4.1.3.8
cis@sle12: 4.1.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 4ffa0e34380..dff75e43d57 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.5
cis@alinux3: 4.1.3.8
- cis@rhel7: 4.1.4
+ cis@rhel7: 5.2.3.8
cis@rhel8: 4.1.3.8
cis@rhel9: 4.1.3.8
cis@sle12: 4.1.4
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
index 6b60c19ebf5..af0ae7705e9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
title: 'Record Attempts to perform maintenance activities'
@@ -38,14 +38,16 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-86245-8
cce@rhel8: CCE-86432-2
cce@rhel9: CCE-86433-0
cce@sle12: CCE-92355-7
- cce@sle15: CCE-92551-1
+ cce@sle15: CCE-92551-1
references:
anssi: BP28(R73)
ccn@rhel9: A.3.SEC-RHEL7
+ cis@rhel7: 5.2.3.3
cis@rhel8: 4.1.3.3
cis@rhel9: 4.1.3.3
cis@sle12: 4.1.15
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
index d3bfa7bad9c..94b97e219a1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
@@ -43,7 +43,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.4
cis@alinux3: 4.1.3.4
- cis@rhel7: 4.1.3
+ cis@rhel7: 5.2.3.4
cis@rhel8: 4.1.3.4
cis@rhel9: 4.1.3.4
cis@sle12: 4.1.3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
index ef00aeb5e28..96aa529d247 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
@@ -42,7 +42,7 @@ references:
anssi: BP28(R73)
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux3: 4.1.3.4
- cis@rhel7: 4.1.3
+ cis@rhel7: 5.2.3.4
cis@rhel8: 4.1.3.4
cis@rhel9: 4.1.3.4
cis@ubuntu2004: 4.1.3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
index 1e67f7ce97d..0a41dbd2f9b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
@@ -41,7 +41,7 @@ identifiers:
references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.4
- cis@rhel7: 4.1.3
+ cis@rhel7: 5.2.3.4
cis@rhel8: 4.1.3.4
cis@rhel9: 4.1.3.4
cis@sle12: 4.1.3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
index 9f1eac9b6cb..bb220857a79 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
@@ -50,7 +50,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.4
cis@alinux3: 4.1.3.4
- cis@rhel7: 4.1.3
+ cis@rhel7: 5.2.3.4
cis@rhel8: 4.1.3.4
cis@rhel9: 4.1.3.4
cis@sle12: 4.1.3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
index 16089eacf02..8e5bb4a4b0a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
@@ -37,7 +37,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.4
cis@alinux3: 4.1.3.4
- cis@rhel7: 4.1.3
+ cis@rhel7: 5.2.3.4
cis@rhel8: 4.1.3.4
cis@rhel9: 4.1.3.4
cis@sle12: 4.1.3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
index fc07d94652f..5bfca9ad028 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
@@ -28,12 +28,14 @@ severity: medium
identifiers:
cce@rhcos4: CCE-82692-5
+ cce@rhel7: CCE-88645-7
cce@rhel8: CCE-84048-8
cce@rhel9: CCE-83734-4
references:
ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
+ cis@rhel7: 5.2.4.1
cis@rhel9: 4.1.4.4
cis@ubuntu2204: 4.1.4.4
cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
index 1a9d0959a96..04bebade17d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,ol9,rhel8,rhel9,ubuntu2004,ubuntu2204
+prodtype: ol8,ol9,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
title: 'System Audit Logs Must Be Group Owned By Root'
@@ -22,12 +22,14 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88757-0
cce@rhel8: CCE-88227-4
cce@rhel9: CCE-89603-5
references:
ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
+ cis@rhel7: 5.2.4.4
cis@rhel9: 4.1.4.3
cis@ubuntu2204: 4.1.4.3
cjis: 5.4.1.1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
index 4a0d3b7d43f..6121724a5ac 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
@@ -18,10 +18,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88896-6
cce@rhel9: CCE-86446-2
references:
ccn@rhel9: A.3.SEC-RHEL4
+ cis@rhel7: 5.2.4.7
cis@rhel9: 4.1.4.7
cis@ubuntu2204: 4.1.4.7
disa: CCI-000171
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
index 371221ff5ce..ff06425be2e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
@@ -19,10 +19,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88786-9
cce@rhel9: CCE-86445-4
references:
ccn@rhel9: A.3.SEC-RHEL4
+ cis@rhel7: 5.2.4.6
cis@rhel9: 4.1.4.6
cis@ubuntu2204: 4.1.4.6
disa: CCI-000171
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
index b7b5736cdd6..a5ba370fdb2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,ol9,rhel8,rhel9,ubuntu2004,ubuntu2204
+prodtype: ol8,ol9,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
title: 'System Audit Logs Must Be Owned By Root'
@@ -17,11 +17,13 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88700-0
cce@rhel8: CCE-88228-2
cce@rhel9: CCE-89952-6
references:
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
+ cis@rhel7: 5.2.4.3
cis@rhel9: 4.1.4.2
cis@ubuntu2204: 4.1.4.2
cjis: 5.4.1.1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
index 626a39035a2..fbddfac9740 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
@@ -18,10 +18,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88763-8
cce@rhel9: CCE-88002-1
references:
ccn@rhel9: A.3.SEC-RHEL4
+ cis@rhel7: 5.2.4.5
cis@rhel9: 4.1.4.5
ocil: |-
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index e73322c961c..f124792d6d4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -37,6 +37,7 @@ identifiers:
references:
ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
+ cis@rhel7: 5.2.4.2
cis@rhel9: 4.1.4.1
cis@ubuntu2204: 4.1.4.1
cjis: 5.4.1.1
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
index 0b3dd71953c..aac0daffe11 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
@@ -29,6 +29,7 @@ identifiers:
references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
+ cis@rhel7: 5.2.2.3
cobit5: APO11.04,APO12.06,APO13.01,BAI03.05,BAI04.04,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,MEA02.01
disa: CCI-000140
isa-62443-2009: 4.2.3.10,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
index e69a059041c..ad6d3ac32ce 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
@@ -26,6 +26,7 @@ severity: medium
identifiers:
cce@rhcos4: CCE-82676-8
+ cce@rhel7: CCE-86102-1
cce@rhel8: CCE-84045-4
cce@rhel9: CCE-83684-1
cce@sle12: CCE-83032-3
@@ -33,6 +34,7 @@ identifiers:
references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
+ cis@rhel7: 5.2.2.3
cobit5: APO11.04,APO12.06,APO13.01,BAI03.05,BAI04.04,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,MEA02.01
disa: CCI-000140
isa-62443-2009: 4.2.3.10,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
index 3af4344893c..d17ca1db854 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
@@ -27,7 +27,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
cis@alinux2: 4.1.1.2
cis@alinux3: 4.1.2.3
- cis@rhel7: 4.1.2.3
+ cis@rhel7: 5.2.2.4
cis@rhel8: 4.1.2.3
cis@rhel9: 4.1.2.3
cis@sle12: 4.1.2.3
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
index a3bfaf9fe73..a21bd30cbd3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
@@ -34,7 +34,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
cis@alinux2: 4.1.1.2
cis@alinux3: 4.1.2.3
- cis@rhel7: 4.1.2.3
+ cis@rhel7: 5.2.2.4
cis@rhel8: 4.1.2.3
cis@rhel9: 4.1.2.3
cis@sle12: 4.1.2.3
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
index 96cbe6931b7..9a2ea4d5d9b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml
@@ -31,7 +31,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,3,4,5,6,7,8
cis@alinux2: 4.1.1.1
cis@alinux3: 4.1.2.1
- cis@rhel7: 4.1.2.1
+ cis@rhel7: 5.2.2.1
cis@rhel8: 4.1.2.1
cis@rhel9: 4.1.2.1
cis@sle12: 4.1.2.1
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
index 30d897a4d90..b067231cfac 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
@@ -41,7 +41,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
cis@alinux2: 4.1.1.3
cis@alinux3: 4.1.2.2
- cis@rhel7: 4.1.2.2
+ cis@rhel7: 5.2.2.2
cis@rhel8: 4.1.2.2
cis@rhel9: 4.1.2.2
cis@sle12: 4.1.2.2
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
index 46560f89e15..ec0ed4850cc 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
@@ -8,7 +8,7 @@
- name: Configure auditd space_left Action on Low Disk Space
lineinfile:
dest: /etc/audit/auditd.conf
- line: "space_left_action = {{ var_auditd_space_left_action }}"
+ line: "space_left_action = {{ var_auditd_space_left_action.split('|')[0] }}"
regexp: '^\s*space_left_action\s*=\s*.*$'
state: present
create: yes
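Review bot: Nothing on the changed `line:` says that `var_auditd_space_left_action` may now hold a `|`-separated list of accepted values, of which only the first is written to `/etc/audit/auditd.conf`. A comment above the task, such as `# The variable may list several accepted values separated by '|'; remediation applies the first one.`, would make the ordering of the `.var` options visibly load-bearing. The same comment belongs next to the `cut -d \| -f 1` line added to `bash/shared.sh`. The task may continue past the end of this hunk.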
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
index 870f6619e61..b6e0267bb64 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
@@ -2,6 +2,7 @@
{{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
+var_auditd_space_left_action="$(echo $var_auditd_space_left_action | cut -d \| -f 1)"
#
# If space_left_action present in /etc/audit/auditd.conf, change value
# to var_auditd_space_left_action, else
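Review bot: The added assignment expands `$var_auditd_space_left_action` unquoted inside `echo`, so the value is word-split and glob-expanded before `cut` sees it. The value comes from profile or tailoring selections, so the remediation should not rely on it being a single clean token. Parameter expansion gives the same first alternative without the subshell or the quoting hazard: `var_auditd_space_left_action="${var_auditd_space_left_action%%|*}"`. The rest of the remediation script lies outside this hunk.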
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/oval/shared.xml
index 9cfafeaef68..8673306eee4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/oval/shared.xml
@@ -22,9 +22,17 @@
-
+
+
+
+ (?i)
+
+
+
+
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 0d4dd64b9d0..dedbe32c1bb 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -40,7 +40,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
cis@alinux2: 4.1.1.2
cis@alinux3: 4.1.2.3
- cis@rhel7: 4.1.2.3
+ cis@rhel7: 5.2.2.4
cis@rhel8: 4.1.2.3
cis@rhel9: 4.1.2.3
cis@sle12: 4.1.2.3
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_admin_space_left_action.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_admin_space_left_action.var
index 757e4197e15..57d51b20268 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_admin_space_left_action.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_admin_space_left_action.var
@@ -18,3 +18,4 @@ options:
syslog: syslog
rotate: rotate
ignore: ignore
+ cis_rhel7: single|halt
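Review bot: The new `cis_rhel7: single|halt` option is a `|`-separated list, but this diff adds first-value splitting only to the `auditd_data_retention_space_left_action` remediations; the `auditd_data_retention_admin_space_left_action` rule gets only a CIS reference change here. Unless its bash and Ansible remediations and its OVAL check already handle alternatives, remediation would write the literal `admin_space_left_action = single|halt` to `auditd.conf`. That is not a valid action, and the check would presumably compare against the whole string. Please confirm they handle it, or apply the same treatment there, e.g. `{{ var_auditd_admin_space_left_action.split('|')[0] }}` in the Ansible task. The `options:` map starts outside this hunk.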
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_error_action.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_error_action.var
index 1312b435450..7b78c066c42 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_error_action.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_error_action.var
@@ -21,3 +21,4 @@ options:
ignore: ignore
ol8: syslog|single|halt
rhel8: syslog|single|halt
+ cis_rhel7: syslog|single|halt
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_full_action.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_full_action.var
index 61aac3f7f98..b650358fe54 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_full_action.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_disk_full_action.var
@@ -22,3 +22,4 @@ options:
rotate: rotate
ol8: syslog|single|halt
rhel8: syslog|single|halt
+ cis_rhel7: halt|single
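Review bot: The order of alternatives in `cis_rhel7: halt|single` is the reverse of the sibling lists, which end with `single|halt`, and nothing in the file says whether order matters. If the remediation for this variable applies the first alternative, as the `space_left_action` remediation changed in this diff does, a remediated host will halt outright when the audit disk fills rather than drop to single-user mode. If that is intended, a comment such as `# first value is applied by remediation; all listed values pass the check` would record it; otherwise reorder to `single|halt`. The `options:` map starts outside this hunk.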
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left_action.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left_action.var
index f52c1515202..9c526f3f30d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left_action.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left_action.var
@@ -18,3 +18,4 @@ options:
syslog: syslog
rotate: rotate
ignore: ignore
+ cis_rhel7: email|exec|single|halt
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 0c1ad541917..c1e87080c95 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -29,7 +29,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,3,4,5,6,7,8
cis@alinux2: 4.1.3
cis@alinux3: 4.1.1.3
- cis@rhel7: 4.1.1.3
+ cis@rhel7: 5.2.1.2
cis@rhel8: 4.1.1.3
cis@rhel9: 4.1.1.2
cis@sle12: 4.1.1.3
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index 5a6ad453660..8bb4650f27f 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -27,7 +27,7 @@ identifiers:
references:
cis@alinux3: 4.1.1.4
- cis@rhel7: 4.1.2.4
+ cis@rhel7: 5.2.1.3
cis@rhel8: 4.1.1.4
cis@rhel9: 4.1.1.3
cis@sle12: 4.1.2.4
diff --git a/linux_os/guide/system/auditing/package_audit-libs_installed/rule.yml b/linux_os/guide/system/auditing/package_audit-libs_installed/rule.yml
index 4cce17b3f30..7d2649270b6 100644
--- a/linux_os/guide/system/auditing/package_audit-libs_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit-libs_installed/rule.yml
@@ -23,7 +23,7 @@ identifiers:
references:
anssi: BP28(R50)
- cis@rhel7: 4.1.1.1
+ cis@rhel7: 5.2.1.1
cis@sle12: 4.1.1.1
cis@sle15: 4.1.1.1
disa: CCI-000130,CCI-000131,CCI-000132,CCI-000133,CCI-000134,CCI-000135,CCI-000154,CCI-000158,CCI-000172,CCI-001464,CCI-001487,CCI-001814,CCI-001875,CCI-001876,CCI-001877,CCI-001878,CCI-001879,CCI-001880,CCI-001881,CCI-001882,CCI-001889,CCI-001914,CCI-002884,CCI-000169
diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index 2e8061ce441..c13fb3d0516 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -19,7 +19,7 @@ identifiers:
references:
anssi: BP28(R33),BP28(R73)
cis@alinux3: 4.1.1.1
- cis@rhel7: 4.1.1.1
+ cis@rhel7: 5.2.1.1
cis@rhel8: 4.1.1.1
cis@rhel9: 4.1.1.1
cis@sle12: 4.1.1.1
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index d6bd884f017..4d75a3f7af5 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -36,7 +36,7 @@ references:
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@alinux2: 4.1.2
cis@alinux3: 4.1.1.2
- cis@rhel7: 4.1.1.2
+ cis@rhel7: 5.2.1.4
cis@rhel8: 4.1.1.2
cis@rhel9: 4.1.1.4
cis@sle12: 4.1.1.2
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
index 042789f6337..a2942d8d42d 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
@@ -38,6 +38,7 @@ identifiers:
references:
anssi: BP28(R46),BP28(R5)
cis-csc: 12,13,14,15,16,18,3,5
+ cis@rhel7: 5.1.4
cis@rhel9: 4.2.3
cis@sle12: 4.2.1.3
cis@sle15: 4.2.1.3
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
index bb0d604ba0a..de9f811f62f 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
@@ -52,6 +52,7 @@ identifiers:
references:
anssi: BP28(R46),BP28(R5)
cis-csc: 12,13,14,15,16,18,3,5
+ cis@rhel7: 5.1.4
cis@rhel9: 4.2.3
cis@sle12: 4.2.1.3
cis@sle15: 4.2.1.3
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
index 3758d61d715..9b400e8824f 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
@@ -31,7 +31,7 @@ identifiers:
references:
anssi: BP28(R36)
cis@alinux2: 4.2.1.3
- cis@rhel7: 4.2.3
+ cis@rhel7: 5.1.4
cis@rhel8: 4.2.3
cis@rhel9: 4.2.3
cis@sle12: 4.2.1.3
diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
index 07a0a84d6bd..dace9e2ab80 100644
--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
@@ -23,7 +23,7 @@ identifiers:
references:
cis@alinux3: 4.2.2.2
- cis@rhel7: 4.2.2.2
+ cis@rhel7: 5.1.2.3
cis@rhel8: 4.2.2.3
cis@rhel9: 4.2.2.3
cis@sle12: 4.2.2.2
diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
index 14a38b516fc..d39ba5fe75b 100644
--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
@@ -24,7 +24,7 @@ identifiers:
references:
cis@alinux3: 4.2.2.1
- cis@rhel7: 4.2.2.1
+ cis@rhel7: 5.1.1.3
cis@rhel8: 4.2.1.3
cis@rhel9: 4.2.1.3
cis@sle12: 4.2.2.1
diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
index 29059889ddc..64b15687bb2 100644
--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
@@ -22,7 +22,7 @@ identifiers:
references:
cis@alinux3: 4.2.2.3
- cis@rhel7: 4.2.2.3
+ cis@rhel7: 5.1.2.4
cis@rhel8: 4.2.2.4
cis@rhel9: 4.2.2.4
cis@sle12: 4.2.2.3
diff --git a/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml b/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
index 859859c7fcd..c22e270eba2 100644
--- a/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
+++ b/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,ubuntu2204
+prodtype: rhel7,rhel8,ubuntu2204
title: 'Install systemd-journal-remote Package'
@@ -16,7 +16,12 @@ rationale: |-
severity: medium
+identifiers:
+ cce@rhel7: CCE-87415-6
+ cce@rhel8: CCE-86467-8
+
references:
+ cis@rhel7: 5.1.2.1.1
cis@rhel8: 4.2.2.1.1
cis@ubuntu2204: 4.2.1.1.1
diff --git a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
index d07b9ff205c..e9a44abc4ee 100644
--- a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
+++ b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
@@ -13,10 +13,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-87634-2
cce@rhel8: CCE-85921-5
cce@rhel9: CCE-85941-3
references:
+ cis@rhel7: 5.1.2.2
cis@rhel8: 4.2.2.2
cis@rhel9: 4.2.2.2
cis@ubuntu2204: 4.2.1.2
diff --git a/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml b/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
index 8510c91a569..180bf57f662 100644
--- a/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
+++ b/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel8,rhel9,ubuntu2204
+prodtype: fedora,rhel7,rhel8,rhel9,ubuntu2204
title: 'Disable systemd-journal-remote Socket'
@@ -21,10 +21,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-87528-6
cce@rhel8: CCE-87605-2
cce@rhel9: CCE-87606-0
references:
+ cis@rhel7: 5.1.2.1.4
cis@rhel8: 4.2.2.1.4
cis@rhel9: 4.2.2.1.4
cis@ubuntu2204: 4.2.1.1.4
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml
index 8f56116551a..c117d05e5bd 100644
--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml
@@ -30,7 +30,7 @@ identifiers:
references:
anssi: BP28(R71),NT12(R18)
cis-csc: 1,14,15,16,3,5,6
- cis@rhel7: "4.2.4"
+ cis@rhel7: 5.1.3
cis@rhel8: "4.3"
cis@rhel9: "4.3"
cis@sle12: "4.2.4"
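Review bot: The replacement line `cis@rhel7: 5.1.3` drops the quotes that the removed line and the neighbouring `cis@rhel8: "4.3"` entries carry. A three-part value still loads as a string, so nothing breaks today, but writing `cis@rhel7: "5.1.3"` keeps the block uniform and protects a later two-part section number such as `5.1` from being read as a float. The same applies to the identical hunks in package_logrotate_installed/rule.yml and timer_logrotate_enabled/rule.yml.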
diff --git a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
index 84481069448..7ab29dc86c5 100644
--- a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
@@ -19,7 +19,7 @@ identifiers:
references:
anssi: BP28(R71),NT12(R18)
cis-csc: 1,14,15,16,3,5,6
- cis@rhel7: "4.2.4"
+ cis@rhel7: 5.1.3
cis@rhel8: "4.3"
cis@rhel9: "4.3"
cis@sle12: "4.2.4"
diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
index bf18c97c6b9..9a97500f403 100644
--- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
@@ -30,7 +30,7 @@ identifiers:
references:
anssi: BP28(R71),NT12(R18)
cis-csc: 1,14,15,16,3,5,6
- cis@rhel7: "4.2.4"
+ cis@rhel7: 5.1.3
cis@rhel8: "4.3"
cis@rhel9: "4.3"
cis@sle12: "4.2.4"
diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
index 6b4dd084494..07bbff2f544 100644
--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
@@ -21,7 +21,7 @@ references:
cis-csc: 1,14,15,16,3,5,6
cis@alinux2: 4.2.2
cis@alinux3: 4.2.1.1
- cis@rhel7: 4.2.1.1
+ cis@rhel7: 5.1.1.1
cis@rhel8: 4.2.1.1
cis@rhel9: 4.2.1.1
cis@sle12: 4.2.1.1
diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index cf6f3069ee0..7119ece0c24 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -41,7 +41,7 @@ identifiers:
references:
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cis@alinux3: 4.2.1.6
- cis@rhel7: 4.2.1.5
+ cis@rhel7: 5.1.1.7
cis@rhel8: 4.2.1.7
cis@rhel9: 4.2.1.7
cis@sle12: 4.2.1.6
diff --git a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
index f37af583d4e..51f2139e041 100644
--- a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
@@ -21,7 +21,7 @@ identifiers:
cce@rhel9: CCE-88322-3
references:
- cis@rhel7: 4.2.1.3
+ cis@rhel7: 5.1.1.4
cis@rhel8: 4.2.1.4
cis@rhel9: 4.2.1.4
cis@ubuntu2004: 4.2.1.4
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 879a6290451..bd93146398c 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -47,7 +47,7 @@ references:
cis-csc: 1,13,14,15,16,2,3,5,6
cis@alinux2: 4.2.1.4
cis@alinux3: 4.2.1.5
- cis@rhel7: 4.2.1.5
+ cis@rhel7: 5.1.1.6
cis@rhel8: 4.2.1.6
cis@rhel9: 4.2.1.6
cis@sle12: 4.2.1.5
diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
index f2e71949684..83892913236 100644
--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
@@ -23,7 +23,7 @@ references:
cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
cis@alinux2: 4.2.1.1
cis@alinux3: 4.2.1.2
- cis@rhel7: 4.2.1.2
+ cis@rhel7: 5.1.1.2
cis@rhel8: 4.2.1.2
cis@rhel9: 4.2.1.2
cis@sle12: 4.2.1.2
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
index 607aba3c640..d108d2696fc 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9,ubuntu2004,ubuntu2204
+prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
title: 'Verify that audit tools are owned by group root'
@@ -37,10 +37,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-89014-5
cce@rhel8: CCE-86455-3
cce@rhel9: CCE-86457-9
references:
+ cis@rhel7: 5.2.4.10
cis@rhel9: 4.1.4.10
cis@ubuntu2204: 4.1.4.10
disa: CCI-001493,CCI-001494
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
index e1caace8777..ee5c4d972eb 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9,ubuntu2004,ubuntu2204
+prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
title: 'Verify that audit tools are owned by root'
@@ -37,10 +37,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88959-2
cce@rhel8: CCE-86453-8
cce@rhel9: CCE-86454-6
references:
+ cis@rhel7: 5.2.4.9
cis@rhel9: 4.1.4.9
cis@ubuntu2204: 4.1.4.9
disa: CCI-001493,CCI-001494
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
index f87b5094afb..971a245326b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9,ubuntu2004,ubuntu2204
+prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
title: 'Verify that audit tools Have Mode 0755 or less'
@@ -37,10 +37,12 @@ rationale: |-
severity: medium
identifiers:
+ cce@rhel7: CCE-88909-7
cce@rhel8: CCE-86447-0
cce@rhel9: CCE-86448-8
references:
+ cis@rhel7: 5.2.4.8
cis@rhel9: 4.1.4.8
cis@ubuntu2204: 4.1.4.8
disa: CCI-001493,CCI-001494
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index d4bf971d6af..d493486dbf6 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -9,7 +9,6 @@ CCE-86087-4
CCE-86088-2
CCE-86097-3
CCE-86101-3
-CCE-86102-1
CCE-86105-4
CCE-86106-2
CCE-86140-1
@@ -57,7 +56,6 @@ CCE-86214-4
CCE-86216-9
CCE-86217-7
CCE-86218-5
-CCE-86219-3
CCE-86224-3
CCE-86225-0
CCE-86226-8
@@ -65,13 +63,11 @@ CCE-86229-2
CCE-86241-7
CCE-86242-5
CCE-86243-3
-CCE-86245-8
CCE-86246-6
CCE-86247-4
CCE-86250-8
CCE-86253-2
CCE-86254-0
-CCE-86256-5
CCE-86258-1
CCE-86264-9
CCE-86265-6
@@ -204,7 +200,6 @@ CCE-86463-7
CCE-86464-5
CCE-86465-2
CCE-86466-0
-CCE-86467-8
CCE-86468-6
CCE-86469-4
CCE-86470-2
@@ -927,7 +922,6 @@ CCE-87410-7
CCE-87411-5
CCE-87412-3
CCE-87413-1
-CCE-87415-6
CCE-87417-2
CCE-87418-0
CCE-87419-8
@@ -1022,7 +1016,6 @@ CCE-87523-7
CCE-87525-2
CCE-87526-0
CCE-87527-8
-CCE-87528-6
CCE-87529-4
CCE-87530-2
CCE-87531-0
@@ -1117,7 +1110,6 @@ CCE-87630-0
CCE-87631-8
CCE-87632-6
CCE-87633-4
-CCE-87634-2
CCE-87635-9
CCE-87636-7
CCE-87637-5
@@ -1431,7 +1423,6 @@ CCE-87987-4
CCE-87988-2
CCE-87989-0
CCE-87990-8
-CCE-87991-6
CCE-87992-4
CCE-87993-2
CCE-87994-0
@@ -1526,7 +1517,6 @@ CCE-88097-1
CCE-88099-7
CCE-88100-3
CCE-88101-1
-CCE-88102-9
CCE-88103-7
CCE-88105-2
CCE-88106-0
@@ -1997,7 +1987,6 @@ CCE-88641-6
CCE-88642-4
CCE-88643-2
CCE-88644-0
-CCE-88645-7
CCE-88646-5
CCE-88647-3
CCE-88649-9
@@ -2045,7 +2034,6 @@ CCE-88696-0
CCE-88697-8
CCE-88698-6
CCE-88699-4
-CCE-88700-0
CCE-88701-8
CCE-88702-6
CCE-88703-4
@@ -2093,13 +2081,11 @@ CCE-88752-1
CCE-88753-9
CCE-88754-7
CCE-88755-4
-CCE-88757-0
CCE-88758-8
CCE-88759-6
CCE-88760-4
CCE-88761-2
CCE-88762-0
-CCE-88763-8
CCE-88764-6
CCE-88765-3
CCE-88766-1
@@ -2121,7 +2107,6 @@ CCE-88782-8
CCE-88783-6
CCE-88784-4
CCE-88785-1
-CCE-88786-9
CCE-88787-7
CCE-88788-5
CCE-88790-1
@@ -2216,7 +2201,6 @@ CCE-88892-5
CCE-88893-3
CCE-88894-1
CCE-88895-8
-CCE-88896-6
CCE-88897-4
CCE-88898-2
CCE-88899-0
@@ -2229,7 +2213,6 @@ CCE-88905-5
CCE-88906-3
CCE-88907-1
CCE-88908-9
-CCE-88909-7
CCE-88910-5
CCE-88911-3
CCE-88912-1
@@ -2277,7 +2260,6 @@ CCE-88954-3
CCE-88956-8
CCE-88957-6
CCE-88958-4
-CCE-88959-2
CCE-88960-0
CCE-88965-9
CCE-88966-7
@@ -2325,7 +2307,6 @@ CCE-89010-3
CCE-89011-1
CCE-89012-9
CCE-89013-7
-CCE-89014-5
CCE-89015-2
CCE-89016-0
CCE-89017-8