Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework SCA for Red-Hat Enterprise Linux 7 #18440

Merged
merged 16 commits into from Sep 25, 2023
Merged

Rework SCA for Red-Hat Enterprise Linux 7 #18440

merged 16 commits into from Sep 25, 2023

Conversation

Johnng007
Copy link
Member

@Johnng007 Johnng007 commented Aug 15, 2023
edited by ooniagbi

Component Action type Main Issue
SCA Rework

Main tasks

  • Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/
  • Verify IDs numbers.
  • Verify texts are correct: Title, Description, Rationale and Remediation.
  • Verify Compliance: CIS, CIS_CSC.
  • Verify condtion and rules:
    • To Pass.
    • To Fail.

Checks

Syntax and semantic

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analogue from CIS Benchmark.
  • b) Try to maintain each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from ossec.log after the SCA scan and a raw output of the result of the checks.
Tests results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy it's new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as default policy. (as example)

@Johnng007 Johnng007 linked an issue Aug 15, 2023 that may be closed by this pull request
Rework SCA Policy for Red Hat Enterprise Linux 7 #17355
Closed
17 tasks
Johnng007 and others added 15 commits August 18, 2023 11:47
@ooniagbi ooniagbi self-requested a review September 25, 2023 12:10
@ooniagbi ooniagbi marked this pull request as ready for review September 25, 2023 12:11
ooniagbi
ooniagbi approved these changes Sep 25, 2023
View reviewed changes
Copy link
Member

@ooniagbi ooniagbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ooniagbi ooniagbi merged commit e04ab8b into master Sep 25, 2023
@ooniagbi ooniagbi deleted the Rework-SCA-for-Red-Hat-Enterprise-Linux-7 branch September 25, 2023 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ooniagbi ooniagbi ooniagbi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rework SCA Policy for Red Hat Enterprise Linux 7
2 participants
@Johnng007 @ooniagbi