forked from ComplianceAsCode/content
/
rule.yml
45 lines (35 loc) · 1.68 KB
/
rule.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
documentation_complete: true
prodtype: ol7,ol8,rhel7,rhel8
title: 'Disable Odd Job Daemon (oddjobd)'
description: |-
The <tt>oddjobd</tt> service exists to provide an interface and
access control mechanism through which
specified privileged tasks can run tasks for unprivileged client
applications. Communication with <tt>oddjobd</tt> through the system message bus.
{{{ describe_service_disable(service="oddjobd") }}}
rationale: |-
The <tt>oddjobd</tt> service may provide necessary functionality in
some environments, and can be disabled if it is not needed. Execution of
tasks by privileged programs, on behalf of unprivileged ones, has traditionally
been a source of privilege escalation security issues.
severity: medium
identifiers:
cce@rhel7: CCE-80263-7
cce@rhel8: CCE-80880-8
references:
disa: CCI-000381
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
cis-csc: 11,14,3,9
ocil: |-
{{{ ocil_service_disabled(service="oddjobd") }}}
platform: machine
template:
name: service_disabled
vars:
servicename: oddjobd
packagename: oddjob