Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.0 SCA new checks and policies #776

Merged
merged 209 commits into from Nov 23, 2020
Merged

4.0 SCA new checks and policies #776

merged 209 commits into from Nov 23, 2020

Conversation

jctello
Copy link
Contributor

@jctello jctello commented Nov 10, 2020

This PR greatly enhances the amount of SCA checks for various applications and operating systems and assigns new unique IDs to each check.

Added the following policies entirely:

  • MS SQL Server (version 2012, 2014, 2017 & 2019): 23 new checks
  • centOS (6, 7, 8): ported from original RHEL checks, added more than 120 new checks to each
  • Windows (2016 and 1029) more than 250 checks each
  • RHEL 8: 187 new checks
  • Debian 10: 192 new checks

Added checks to the following policies:

  • Debian (7,8,9): Merged L1 & L2 and added 30-50 checks each.
  • RHEL (6,7): more than 120 new checks each
  • Windows (10, 2012): Merged L1 & L2 and added 3 and 38 checks respectively.

This PR also fixes typos both in the description and in the policies themselves that would break previously existing policies.
Each one of these files has been individually tested to work as expected on their relevant environment with the latest Wazuh agent.

mikykeane and others added 30 commits June 12, 2020 21:16
@mikykeane
Addition of SCA policies for RHEL 7
7a395e9
@mikykeane
Addition of SCA policies for RHEL 6
15256dd
@mikykeane
Changed IDs
05730e7
@mikykeane
Changed IDs
6f9b152
@K-Embee
Recreates Centos policy based off of RHEL6
93825fe
Added Centos 7 SCA policies
f6ca5cf
@mikykeane
Divided alerts into corresponding groups
85f9e31
@mikykeane
Updated IDs
7ff916c
@mikykeane
Added modified CentOS files
126a45d
@mikykeane
Merged RHEL6 L1 and L2
3cf5430
@mikykeane
Deleted old files
7a1df48
@mikykeane
Merged RHEL 7 policies
0ee5c68
@mikykeane
Deleted unused files
55fa1e0
@mikykeane
Merged RHEL 8 policies
712eb07
@mikykeane
Deleted divided policies
b18ce56
@mikykeane
Merged CentOS 6
4855677
@mikykeane
Deleted incorrect RHEL files
3ed4bee
@mikykeane
Deleted old CentOS files
f6a5efb
@mikykeane
Merged CentOS 7 policies
93bcc35
@mikykeane
Deleted old CentOS 7 policy files
0b28dc6
@mikykeane
Merged CentOS 8 policies
6f50822
@mikykeane
Deleted old policies CentOS 8
7b22629
@mikykeane
Updated IDs
ac4bfd0
@mikykeane
Update IDs
64c05d5
@mikykeane
Update IDs
2dc71a4
@mikykeane
Update IDs
c697bc8
@mikykeane
Update IDs
4d04fe6
@mikykeane
Update IDs
bc241d8
@mikykeane
Created unique Debian 9 policy
fc30c07
@mikykeane
Merged Debian 9 policis into unique policy
7125f66
@jctello jctello added operations SCA SCA policies related issues labels Nov 10, 2020
@jctello jctello requested a review from snaow November 10, 2020 20:37
@snaow snaow removed their request for review November 11, 2020 13:30
This was referenced Nov 12, 2020
Closed
Merged
Closed
Merged
chemamartinez
chemamartinez reviewed Nov 16, 2020
View reviewed changes
sca/centos/6/cis_centos6_linux.yml Show resolved Hide resolved
sca/debian/cis_debian9.yml
condition: all
rules:
- 'c:mount -> r:\s/var/tmp\s && r:noexec'

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The space between the checks is different in many points, it would be good to define the same space in all policies

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Working on a script to easily fix this on all the policy files.

sca/rhel/7/cis_rhel7_linux.yml Outdated Show resolved Hide resolved
@jctello jctello merged commit 0b3c7c7 into master Nov 23, 2020
@jctello jctello deleted the 4.0-SCA branch November 23, 2020 14:08
@chemamartinez chemamartinez mentioned this pull request Dec 16, 2020
Closed
@chemamartinez chemamartinez mentioned this pull request Dec 28, 2020
Closed
1 task
@DFolchA DFolchA mentioned this pull request May 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chemamartinez chemamartinez chemamartinez left review comments

@mikykeane mikykeane mikykeane approved these changes

Assignees

@mikykeane mikykeane

@jctello jctello

Labels
operations SCA SCA policies related issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@jctello @mikykeane @chemamartinez @K-Embee @eliasgrana @MiguelCasaresRobles @odintree