Missing the auid settings in the audit rules on 3 STIG IDs #453
uk-bolly added a commit that referenced this issue Mar 6, 2024
* Specify missing state parameter for package Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
* Correct with_items indentation for package Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
* Replace inline strings with module parameters Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
* updated link Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* removed old Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* added new defined secrets file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* added precommit Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* added pragma allow list Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated due to galaxy changes Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* moved file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated path Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* removed quality badge since galaxy-ng Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* Adding additional condition for rhel7stig_grub2_user_cfg for task Signed-off-by: layluke <layluke@protonmail.com>
* updated the workflow version and galaxy setup Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* removed file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* lint update Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* fix typo Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* rhel7stig_boot_part variable now discovered Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* tidy up of rhel7stig_boot_part variable Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* changed logic on 20620 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* updated logic for uuid Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* removed extra line Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* removed doc dir Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* [pre-commit.ci] pre-commit autoupdate updates:
  - [github.com/gitleaks/gitleaks: v8.18.0 → v8.18.1](gitleaks/gitleaks@v8.18.0...v8.18.1)
  - [github.com/ansible-community/ansible-lint: v6.21.1 → v6.22.2](ansible/ansible-lint@v6.21.1...v6.22.2)
  - [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0)
* Issue #446 tag update to always - thanks to @prestonSeaman2 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* conditional updated 021000 & 021010 #448 thanks @erosen03 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
* [pre-commit.ci] pre-commit autoupdate (#451) updates:
  - [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](gitleaks/gitleaks@v8.18.1...v8.18.2)
  - [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](ansible/ansible-lint@v6.22.2...v24.2.0)
  - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.34.0](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.34.0)
  Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* [pre-commit.ci] pre-commit autoupdate (#454) updates:
  - [github.com/adrienverge/yamllint.git: v1.34.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.34.0...v1.35.1)
  Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Feb 24 updates (#455)
  * issue #452 addressed
  * issue #453 addressed
  * updated for galaxy_ng reqs
  ---------
  Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---------
Signed-off-by: Anže Luzar <anze.luzar@xlab.si>
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Signed-off-by: layluke <layluke@protonmail.com>
Signed-off-by: uk-bolly <mark.bollyuk@gmail.com>
Co-authored-by: Anže Luzar <anze.luzar@xlab.si>
Co-authored-by: layluke <layluke@protonmail.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
I believe this has now been merged. If you are happy the issue has been addressed, we can close this issue? Many thanks, uk-bolly
Describe the Issue
Missing the auid settings in the audit rules on 3 STIG IDs
Expected Behavior
Should be set to include auid settings. For example,
RHEL-07-030819:
-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
Actual Behavior
The three listed STIG IDs do not include the auid setting.
Control(s) Affected
RHEL-07-030819
RHEL-07-030820
RHEL-07-030830
Possible Solution
Add ‘-F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset’ to the 99_auditd.rules.j2 for the 3 listed STIG IDs
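An added example, not part of the original issue or the role's own code: a small checker that parses audit rule lines and reports `module-change` syscall rules that lack the `auid>=` and `auid!=unset` filters requested above. The function names, the sample rules, and the default minimum UID of 1000 (taken from the expected rule in this issue) are assumptions for illustration.

```python
import shlex

# Spellings of the "no login UID" value; assumed equivalent to "unset" in auditctl.
UNSET_VALUES = {"unset", "-1", "4294967295"}

def parse_syscall_rule(line):
    """Parse one audit.rules line; return None unless it is an '-a' syscall rule."""
    tokens = shlex.split(line, comments=True)  # drops '#' comments and blank lines
    rule = {"action": None, "syscalls": [], "fields": [], "key": None}
    it = iter(tokens)
    for tok in it:
        arg = next(it, None) if tok in ("-a", "-S", "-F", "-k") else None
        if tok == "-a":
            rule["action"] = arg
        elif tok == "-S" and arg:
            rule["syscalls"] += arg.split(",")
        elif tok == "-F" and arg:
            rule["fields"].append(arg)
        elif tok == "-k":
            rule["key"] = arg
    return rule if rule["action"] and rule["syscalls"] else None

def missing_auid_filters(rules_text, min_uid=1000, keys=("module-change",)):
    """Return (line_number, syscalls, missing_filters) for rules lacking auid scoping."""
    unset_forms = {"auid!=" + v for v in UNSET_VALUES}
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_syscall_rule(line)
        if rule is None or rule["key"] not in keys:
            continue  # watch rules and rules with other keys are out of scope
        missing = []
        if f"auid>={min_uid}" not in rule["fields"]:
            missing.append(f"auid>={min_uid}")
        if not unset_forms.intersection(rule["fields"]):
            missing.append("auid!=unset")
        if missing:
            findings.append((lineno, rule["syscalls"], missing))
    return findings

# Constructed sample: one rule without auid filters, one partial, one as expected.
SAMPLE_RULES = """\
## constructed sample, not taken from the role template
-w /etc/passwd -p wa -k identity
-a always,exit -F arch=b32 -S create_module -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
"""

if __name__ == "__main__":
    for lineno, syscalls, missing in missing_auid_filters(SAMPLE_RULES):
        print(f"line {lineno}: {','.join(syscalls)} missing {missing}")
```

Run it against the rendered rules file on a host after applying the role to confirm the filters are present for each affected control.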