Rework SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) #17794

Merged
merged 1 commit into from Jul 11, 2023

IsExec
Member

@IsExec IsExec commented Jul 7, 2023

Component | Action type | Main Issue
SCA | Create | #14358

Main tasks

  • Use the latest CIS benchmark PDF Draft version - CIS Amazon Linux 2022 Benchmark v1.0.0 Draft
  • Verify ID numbers.
  • Verify texts are correct: Title, Description, Rationale and Remediation.
  • Verify Compliance: CIS, CIS_CSC.
  • Verify condition and rules:
    • To Pass.
    • To Fail.

Issue QA:

  • TBD

PR Tests

Syntax and semantic

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analog from CIS Benchmark.
  • b) Try maintaining each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from ossec.log after the SCA scan and a raw output of the result of the checks.

Test results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local, or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy is new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as the default policy. (as example)

Documentation

  • a) Ensure documentation SCA list includes the created or updated SCA.
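
The "Syntax and semantic" item on contiguous IDs and the "Main tasks" list of per-check fields (title, description, rationale, remediation, compliance, condition, rules) can be checked mechanically. The script below is an added example, not part of this PR or the project's tooling; it assumes the policy keeps its checks as `- id:` entries under `checks:`, uses a simplified line scan instead of a YAML parser, and runs on a constructed sample.

```python
import re

# Fields the PR checklist asks reviewers to verify on every check.
REQUIRED = ("title", "description", "rationale", "remediation",
            "compliance", "condition", "rules")

# Constructed sample in the layout of an SCA policy "checks" section;
# IDs, paths and texts are made up for illustration.
SAMPLE = """\
checks:
  - id: 100
    title: "Ensure example setting A is configured"
    description: "Constructed text."
    rationale: "Constructed text."
    remediation: "Constructed text."
    compliance:
      - cis: ["1.1.1"]
      - cis_csc: ["5.1"]
    condition: all
    rules:
      - 'f:/etc/example.conf -> r:^setting_a'
  - id: 102
    title: "Ensure example setting B is configured"
    description: "Constructed text."
    condition: all
    rules:
      - 'f:/etc/example.conf -> r:^setting_b'
"""

def lint_checks(text):
    """Return findings: ID gaps between neighbours and missing fields."""
    findings, checks = [], []
    # Assumption: one key per line, no multi-line scalars that look like keys.
    for line in text.splitlines():
        m = re.match(r"\s*-\s+id:\s*(\d+)\s*$", line)
        if m:  # a new check starts here
            checks.append((int(m.group(1)), set()))
            continue
        m = re.match(r"\s+([a-z_]+):", line)
        if m and checks:  # key belonging to the current check
            checks[-1][1].add(m.group(1))
    for (prev, _), (cur, _) in zip(checks, checks[1:]):
        if cur != prev + 1:
            findings.append(f"id {cur} follows {prev}: not contiguous")
    for cid, keys in checks:
        missing = [k for k in REQUIRED if k not in keys]
        if missing:
            findings.append(f"id {cid} missing: {', '.join(missing)}")
    return findings
```

Calling `lint_checks(SAMPLE)` reports the gap before ID 102 and the fields that check lacks; an empty list means the scanned file passed both tests.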

@IsExec IsExec linked an issue Jul 7, 2023 that may be closed by this pull request
5 tasks
@IsExec IsExec changed the base branch from master to 4.5.1 July 7, 2023 19:10
@72nomada 72nomada self-requested a review July 10, 2023 15:00
@72nomada 72nomada assigned 72nomada and IsExec and unassigned 72nomada Jul 10, 2023
@72nomada 72nomada marked this pull request as ready for review July 10, 2023 15:01
@72nomada 72nomada marked this pull request as draft July 11, 2023 05:25
@72nomada 72nomada changed the title Rework sca policy for ubuntu linux 2004 (v2.0.0) Rework SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) Jul 11, 2023
@72nomada 72nomada marked this pull request as ready for review July 11, 2023 09:20
Contributor

@72nomada 72nomada left a comment

LGTM

@72nomada 72nomada merged commit 10a0330 into 4.5.1 Jul 11, 2023
49 checks passed
@72nomada 72nomada deleted the Rework-sca-policy-for-ubuntu-linux-2004-1 branch July 11, 2023 10:29