[Ubuntu 22.04] Add missing stigid@ubuntu2204 references: Auditing (UBTU-22-651000 to 671099) #14463

Closed
hdean3 wants to merge 1 commit into ComplianceAsCode:master from hdean3:fix/stigid-ubuntu2204-auditing

hdean3 commented Feb 26, 2026

Problem

The ComplianceAsCode Ubuntu 22.04 STIG profile (stig_ubuntu2204) currently cannot map OpenSCAP scan results to individual DISA STIG checklist items in STIG Viewer. When exporting a CKL (Checklist) from OpenSCAP results, the Rule ID column is blank for all Ubuntu 22.04 rules.

Root cause: Rule.yml files for Ubuntu 22.04 STIG controls are missing stigid@ubuntu2204: entries in their references: blocks. Rules like package_audit_installed already have stigid@ol8, stigid@sle12, and stigid@sle15 entries, but stigid@ubuntu2204 was never added when Ubuntu 22.04 STIG support was introduced.

Impact without this fix:

  • OpenSCAP → STIG Viewer (CKL) workflow broken for Ubuntu 22.04
  • Automated compliance reporting cannot link scan findings to UBTU-22-XXXXXX IDs
  • Manual cross-referencing required (defeats the purpose of SSG automation)

Solution

Add stigid@ubuntu2204: UBTU-22-XXXXXX to the references: block of 96 rule.yml files covering DISA Ubuntu 22.04 STIG V2R7 Auditing controls (UBTU-22-651000 to UBTU-22-671099).

Format follows existing pattern

# Before
references:
    stigid@ol8: OL08-00-030180
    stigid@sle12: SLES-12-020000
    stigid@sle15: SLES-15-030650

# After
references:
    stigid@ol8: OL08-00-030180
    stigid@sle12: SLES-12-020000
    stigid@sle15: SLES-15-030650
    stigid@ubuntu2204: UBTU-22-653010

Authoritative source

All UBTU-22-XXXXXX IDs come directly from controls/stig_ubuntu2204.yml (the existing V2R7 controls mapping already in this repository). No external sources used.

Testing

  • Verified stigid@ubuntu2204 format matches existing stigid@ entries in the repository
  • Verified all UBTU-22 IDs match their corresponding entries in controls/stig_ubuntu2204.yml
  • YAML syntax validated — entries are inserted alphabetically in references: blocks

Related

This is part of a series of PRs adding stigid@ubuntu2204 across all Ubuntu 22.04 STIG V2R7 control categories. Each category is submitted as a separate PR:

  • Auditing (this PR) — 96 rules, UBTU-22-651000 to 671099
  • Password Policy — 24 rules
  • Account Management — 21 rules
  • File Permissions and Ownership — 31 rules
  • Networking and Firewall — 17 rules
  • Software and Packages — 10 rules
  • System Configuration — 9 rules
  • GNOME Display Manager — 6 rules
  • Kernel Modules — 2 rules

Total: ~230 rule.yml files across all PRs.
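
A consistency check of the kind listed under Testing, as an added example that is not part of this PR or of the ComplianceAsCode tooling: it compares each rule's stigid@ubuntu2204 reference against the controls file and reports missing or mismatched entries. The controls-file layout (`- id:` followed by a `rules:` list) is an assumption, and the sample rule names and every ID except UBTU-22-653010 and OL08-00-030180 are constructed placeholders.

```python
import re

KEY = "stigid@ubuntu2204"

def control_map(controls_text):
    """Rule name -> set of control IDs. Assumed layout: '- id: X', then a 'rules:' list."""
    mapping, current, in_rules = {}, None, False
    for line in controls_text.splitlines():
        s = line.strip()
        m = re.match(r"-\s+id:\s*(\S+)", s)
        if m:
            current, in_rules = m.group(1), False
        elif s == "rules:":
            in_rules = True
        elif in_rules and re.fullmatch(r"-\s+[a-z0-9_]+", s):
            mapping.setdefault(s[1:].strip(), set()).add(current)
        elif s and not s.startswith("-"):
            in_rules = False  # any other key ends the list; 'var=value' items are skipped
    return mapping

def rule_stigids(rule_text):
    """IDs listed under KEY in the top-level references: block (empty set if absent)."""
    block = re.search(r"^references:[ \t]*\n((?:[ \t]+.*(?:\n|$)|\n)*)", rule_text, re.M)
    m = block and re.search(rf"^[ \t]+{re.escape(KEY)}:\s*(.+)$", block.group(1), re.M)
    return {v.strip() for v in m.group(1).split(",")} if m else set()

def audit(controls_text, rules):
    """rules: {rule name: rule.yml text}. Returns {rule name: finding}, problems only."""
    expected, findings = control_map(controls_text), {}
    for name, text in rules.items():
        want, have = expected.get(name, set()), rule_stigids(text)
        if want and not have:
            findings[name] = f"missing: expected {sorted(want)}"
        elif have != want:
            findings[name] = f"mismatch: has {sorted(have)}, controls file says {sorted(want)}"
    return findings

# Constructed sample data (placeholder rule names and IDs, not repository content).
CONTROLS = (
    "controls:\n    - id: UBTU-22-653010\n      rules:\n          - sample_rule_a\n"
    "      status: automated\n    - id: UBTU-22-000001\n      rules:\n"
    "          - sample_rule_b\n          - var_sample=value\n          - sample_rule_c\n")
REFS = "references:\n    stigid@ol8: OL08-00-030180\n"
RULES = {"sample_rule_a": REFS + "    stigid@ubuntu2204: UBTU-22-653010\nseverity: medium\n",
         "sample_rule_b": REFS + "severity: medium\n",
         "sample_rule_c": REFS + "    stigid@ubuntu2204: UBTU-22-000002\n"}
```
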

Add missing stigid@ubuntu2204 entries to 96 rule.yml files for
DISA Ubuntu 22.04 STIG V2R7 Auditing controls (UBTU-22-651000 to
UBTU-22-671099 range).

Without these references, OpenSCAP scan results cannot be mapped
to DISA UBTU-22-XXXXXX checklist items in STIG Viewer (CKL export
produces blank Rule ID fields).

Entries follow the same pattern as existing stigid@ol8, stigid@sle12,
and stigid@sle15 references. Authoritative UBTU-22-XXXXXX IDs sourced
from controls/stig_ubuntu2204.yml.

openshift-ci Bot added the needs-ok-to-test label (Used by openshift-ci bot.) Feb 26, 2026

openshift-ci Bot commented Feb 26, 2026

Hi @hdean3. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

This was referenced Feb 26, 2026

hdean3 commented Feb 27, 2026

Closing to reset fork and CI queue. Will re-submit in small batches (2-3 at a time) after PR #14511 receives /ok-to-test from a maintainer.

hdean3 closed this Feb 27, 2026
hdean3 deleted the fix/stigid-ubuntu2204-auditing branch February 27, 2026 22:39
hdean3 restored the fix/stigid-ubuntu2204-auditing branch February 28, 2026 03:57