Missing the auid settings in the audit rules on 3 STIG IDs #453
Assignees
Labels
Comments
Merged
uk-bolly
added a commit
that referenced
this issue
Mar 6, 2024
uk-bolly
added a commit
that referenced
this issue
Mar 6, 2024
* Specify missing state parameter for package Signed-off-by: Anže Luzar <anze.luzar@xlab.si> * Correct with_items indentation for package Signed-off-by: Anže Luzar <anze.luzar@xlab.si> * Replace inline strings with module parameters Signed-off-by: Anže Luzar <anze.luzar@xlab.si> * updated link Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed old Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added new defined secrets file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added precommit Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * lint updates Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added pragma allow list Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated due to galaxy changes Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * moved file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated path Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed quality badge since galaxy-ng Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * Adding additional condition for rhel7stig_grub2_user_cfg for task Signed-off-by: layluke <layluke@protonmail.com> * updated the workflow version and galaxy setup Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed file Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * lint update Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * fix typo Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * rhel7stig_boot_part variable now discovered Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * tidy up of rhel7stig_boot_part variable Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * changed logic on 20620 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated logic for uuid Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed extra line Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed doc dir Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/gitleaks/gitleaks: v8.18.0 → v8.18.1](gitleaks/gitleaks@v8.18.0...v8.18.1) - [github.com/ansible-community/ansible-lint: v6.21.1 → v6.22.2](ansible/ansible-lint@v6.21.1...v6.22.2) - [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0) * Issue #446 tag update to always - thanks to @prestonSeaman2 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * conditional updated 021000 & 021010 #448 thanks @erosen03 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * [pre-commit.ci] pre-commit autoupdate (#451) updates: - [github.com/gitleaks/gitleaks: v8.18.1 → v8.18.2](gitleaks/gitleaks@v8.18.1...v8.18.2) - [github.com/ansible-community/ansible-lint: v6.22.2 → v24.2.0](ansible/ansible-lint@v6.22.2...v24.2.0) - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.34.0](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.34.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * [pre-commit.ci] pre-commit autoupdate (#454) updates: - [github.com/adrienverge/yamllint.git: v1.34.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.34.0...v1.35.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * Feb 24 updates (#455) * issue #452 addressed * issue #453 addressed * updated for galaxy_ng reqs --------- Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> --------- Signed-off-by: Anže Luzar <anze.luzar@xlab.si> Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> Signed-off-by: layluke <layluke@protonmail.com> Signed-off-by: uk-bolly <mark.bollyuk@gmail.com> Co-authored-by: Anže Luzar <anze.luzar@xlab.si> Co-authored-by: layluke <layluke@protonmail.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
I believe this has now been merged, if you are happy the issues has been addressed we can close this issue? Many thanks uk-bolly |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the Issue
Missing the auid settings in the audit rules on 3 STIG IDs
Expected Behavior
Should be set to include auid settings. For example,
RHEL-07-030819:
-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
Actual Behavior
The three listed STIG IDs do not include the auid setting.
Control(s) Affected
RHEL-07-030819
RHEL-07-030820
RHEL-07-030830
Possible Solution
Add ‘-F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset’ to the 99_auditd.rules.j2 for the 3 listed STIG IDs
The text was updated successfully, but these errors were encountered: