
[Ubuntu 22.04 STIG] Add stigid@ubuntu2204 references: Auditing (96 rules)#14512

Closed
hdean3 wants to merge 1 commit into ComplianceAsCode:master from hdean3:fix/stigid-ubuntu2204-auditing

Conversation

@hdean3
Contributor

@hdean3 hdean3 commented Feb 28, 2026

Summary

Adds missing stigid@ubuntu2204 cross-references to 96 rule.yml files covering audit rules — DAC modifications, file deletions, unsuccessful file modifications, kernel module loading, SUID/SGID execution, account management events.

Coverage Gap Addressed

Ubuntu 22.04 LTS had no stigid@ubuntu2204 entries in rule.yml references: blocks. This gap causes STIG Viewer CKL exports to show blank Rule ID fields for Ubuntu 22.04 rules, preventing automated compliance tracking against the DISA STIG.

Note: Ubuntu 24.04 and OL9 use controls-based stigid injection (reference_type in stig_ubuntu2404.yml / stig_ol9.yml injects references via the controls system). Ubuntu 22.04's build environment does not include stigid in reference_uris, so rule.yml patches are the correct approach for this distro.

Changes

  • Category: Auditing Rules
  • Files modified: 96 rule.yml files — stigid@ubuntu2204: UBTU-22-030xxx added to references: block
  • No functional logic changes — reference metadata only
  • All existing references: entries preserved

Testing

# Verify stigid@ubuntu2204 appears in modified files
grep -r "stigid@ubuntu2204" linux_os/ | grep "030" | wc -l

Related Work

Part of the Ubuntu 22.04 STIG stigid@ gap-filling series (original: #14463, closed due to PR volume). Companion PR: Password Policy batch.

Add missing stigid@ubuntu2204 entries to 96 rule.yml files for
DISA Ubuntu 22.04 STIG V2R7 Auditing controls (UBTU-22-651000 to
UBTU-22-671099 range).

Without these references, OpenSCAP scan results cannot be mapped
to DISA UBTU-22-XXXXXX checklist items in STIG Viewer (CKL export
produces blank Rule ID fields).

Entries follow the same pattern as existing stigid@ol8, stigid@sle12,
and stigid@sle15 references. Authoritative UBTU-22-XXXXXX IDs sourced
from controls/stig_ubuntu2204.yml.
@openshift-ci

openshift-ci Bot commented Feb 28, 2026

Hi @hdean3. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@hdean3
Contributor Author

hdean3 commented Feb 28, 2026

Closing: The stig_ubuntu2204 controls file has reference_type: stigid which auto-injects UBTU-22-xxx references into all mapped rules at build time. Adding stigid@ubuntu2204 to rule.yml creates duplicate references, which is now caught by the build validation. This approach was incorrect. The correct fix for any actual gaps would be to add missing controls to the controls file itself, not to patch rule.yml. Thank you for your review.

@hdean3 hdean3 closed this Feb 28, 2026
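The duplication described in the closing comment, as an added example that is not part of this PR or of the ComplianceAsCode project: a check that compares the stigids a `reference_type: stigid` controls file injects at build time against `stigid@ubuntu2204` keys hard-coded in rule.yml `references:` blocks. The controls entries, the UBTU-22/OL08 values and the third rule name are constructed placeholders, and both inputs are given in their parsed (dict) form rather than as YAML.

```python
"""Detect rule.yml stigid entries that a controls file already injects.

Constructed inputs (not real STIG ids): a parsed controls file in the shape of
controls/stig_ubuntu2204.yml and the parsed references: blocks of rule.yml files.
"""
from collections import defaultdict

# Constructed: parsed controls file using reference_type: stigid.
CONTROLS_FILE = {
    "policy": "Ubuntu 22.04 STIG",
    "reference_type": "stigid",
    "controls": [
        {"id": "UBTU-22-651000", "rules": ["audit_rules_dac_modification_chmod"]},
        {"id": "UBTU-22-651005", "rules": ["audit_rules_dac_modification_chown"]},
    ],
}

# Constructed: references: blocks keyed by rule id (placeholder OL08/UBTU values).
RULE_REFERENCES = {
    "audit_rules_dac_modification_chmod": {
        "stigid@ol8": "OL08-EXAMPLE-1",
        "stigid@ubuntu2204": "UBTU-22-651000",  # duplicate: controls injects it
    },
    "audit_rules_dac_modification_chown": {"stigid@ol8": "OL08-EXAMPLE-2"},
    "example_rule_without_control": {"stigid@ubuntu2204": "UBTU-22-654000"},
}


def injected_stigids(controls_file):
    """Map rule id -> set of stigids the controls system injects at build time.

    Assumes flat entries (id + rules list); nested sub-controls are not walked.
    """
    if controls_file.get("reference_type") != "stigid":
        return {}
    injected = defaultdict(set)
    for control in controls_file.get("controls", []):
        for rule in control.get("rules", []):
            injected[rule].add(control["id"])
    return dict(injected)


def check_references(controls_file, rule_references, key="stigid@ubuntu2204"):
    """Return (duplicates, not_in_controls).

    duplicates: rule.yml hard-codes a stigid that the controls file injects.
    not_in_controls: rule.yml stigid with no matching control; the fix belongs
    in the controls file, not in rule.yml.
    """
    injected = injected_stigids(controls_file)
    duplicates, not_in_controls = {}, {}
    for rule, refs in rule_references.items():
        declared = refs.get(key)
        if declared is None:
            continue
        target = duplicates if declared in injected.get(rule, set()) else not_in_controls
        target[rule] = declared
    return duplicates, not_in_controls
```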

Labels

needs-ok-to-test Used by openshift-ci bot.
