forked from ComplianceAsCode/content
rule.yml
documentation_complete: true

prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019

title: 'Enable the OpenSSH Service'

description: |-
    The SSH server service, sshd, is commonly needed.
    {{{ describe_service_enable(service="sshd") }}}

rationale: |-
    Without protection of the transmitted information, confidentiality and
    integrity may be compromised because unprotected communications can be
    intercepted and either read or altered.
    <br /><br />
    This checklist item applies to both internal and external networks and all types
    of information system components from which information can be transmitted (e.g., servers,
    mobile devices, notebook computers, printers, copiers, scanners, etc.). Communication paths
    outside the physical protection of a controlled boundary are exposed to the possibility
    of interception and modification.

severity: medium

identifiers:
    cce@rhel7: CCE-80216-5
    cce@rhel8: CCE-82426-8
    cce@sle12: CCE-83201-4
    cce@sle15: CCE-83297-2

references:
    stigid@ol7: OL07-00-040310
    cui: 3.1.13,3.5.4,3.13.8
    disa: CCI-002418,CCI-002420,CCI-002421,CCI-002422
    nist: CM-6(a),SC-8,SC-8(1),SC-8(2),SC-8(3),SC-8(4)
    nist-csf: PR.DS-2,PR.DS-5
    srg: SRG-OS-000423-GPOS-00187,SRG-OS-000423-GPOS-00188,SRG-OS-000423-GPOS-00189,SRG-OS-000423-GPOS-00190
    stigid@rhel7: RHEL-07-040310
    stigid@sle12: SLES-12-030100
    stigid@sle15: SLES-15-010530
    isa-62443-2013: 'SR 3.1,SR 3.8,SR 4.1,SR 4.2,SR 5.2'
    cobit5: APO01.06,DSS05.02,DSS05.04,DSS05.07,DSS06.02,DSS06.06
    iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
    cis-csc: 13,14
    stigid@rhel8: RHEL-08-040160

ocil: |-
    {{{ ocil_service_enabled(service="sshd") }}}

template:
    name: service_enabled
    vars:
        servicename: sshd
        packagename: openssh-server
        packagename@sle12: openssh
        packagename@sle15: openssh