Merge pull request #10826 from Mab879/update_rhel8_v1r10

Update RHEL 8 STIG to V1R10
ComplianceAsCode · Jul 12, 2023 · 5bae6db · 5bae6db
2 parents d766283 + 7abec1f
commit 5bae6db
Show file tree

Hide file tree

Showing 10 changed files with 1,040 additions and 739 deletions.
diff --git a/linux_os/guide/services/mail/package_mailx_installed/rule.yml b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15
 
 title: 'The mailx Package Is Installed'
 
@@ -16,6 +16,7 @@ severity: medium
 
 identifiers:
  cce@rhel7: CCE-86611-1
+ cce@rhel8: CCE-87036-0
  cce@sle12: CCE-92331-8
  cce@sle15: CCE-92519-8
 
@@ -26,6 +27,7 @@ references:
  stigid@ol7: OL07-00-020028
  stigid@ol8: OL08-00-010358
  stigid@rhel7: RHEL-07-020028
+ stigid@rhel8: RHEL-08-010358
  stigid@sle12: SLES-12-010498
  stigid@sle15: SLES-15-010418
 

diff --git a/.../accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/.../accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
@@ -43,6 +43,7 @@ references:
  nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
  srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
  stigid@ol8: OL08-00-020270
+ stigid@rhel7: RHEL-07-010271
  stigid@rhel8: RHEL-08-020270
 
 ocil_clause: 'any emergency accounts have no expiration date set or do not expire within 72 hours'

diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
@@ -59,6 +59,7 @@ references:
  pcidss: Req-6.2
  srg: SRG-OS-000366-GPOS-00153
  stigid@rhel7: RHEL-07-010019
+ stigid@rhel8: RHEL-08-010019
 
 ocil_clause: 'the Red Hat GPG Key is not installed'
 

diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 metadata:
- version: V1R9
+ version: V1R10
  SMEs:
  - mab879
  - ggbecker
@@ -96,6 +96,9 @@ selections:
  # RHEL-08-010010
  - security_patches_up_to_date
 
+ # RHEL-08-010019
+ - ensure_redhat_gpgkey_installed
+
  # RHEL-08-010020
  - sysctl_crypto_fips_enabled
 
@@ -250,6 +253,9 @@ selections:
  # RHEL-08-010351
  - dir_group_ownership_library_dirs
 
+ # RHEL-08-010358
+ - package_mailx_installed
+
  # RHEL-08-010359
  - package_aide_installed
  - aide_build_database
@@ -634,7 +640,7 @@ selections:
  - account_disable_post_pw_expiration
 
  # RHEL-08-020270
- - account_emergency_expire_date
+ - account_temp_expire_date
 
  # RHEL-08-020280
  - accounts_password_pam_ocredit

diff --git a/products/rhel8/profiles/stig_gui.profile b/products/rhel8/profiles/stig_gui.profile
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 metadata:
- version: V1R9
+ version: V1R10
  SMEs:
  - mab879
  - ggbecker

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
@@ -635,7 +635,6 @@ CCE-87028-7
 CCE-87029-5
 CCE-87030-3
 CCE-87031-1
-CCE-87036-0
 CCE-87037-8
 CCE-87038-6
 CCE-87039-4

diff --git a/...ces/disa-stig-rhel8-v1r9-xccdf-manual.xml → ...es/disa-stig-rhel8-v1r10-xccdf-manual.xml b/...ces/disa-stig-rhel8-v1r9-xccdf-manual.xml → ...es/disa-stig-rhel8-v1r10-xccdf-manual.xml
diff --git a/...ences/disa-stig-rhel8-v1r8-xccdf-scap.xml → ...ences/disa-stig-rhel8-v1r9-xccdf-scap.xml b/...ences/disa-stig-rhel8-v1r8-xccdf-scap.xml → ...ences/disa-stig-rhel8-v1r9-xccdf-scap.xml
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
@@ -22,14 +22,13 @@ description: 'This profile contains configuration checks that align to the
  - Red Hat Containers with a Red Hat Enterprise Linux 8 image'
 extends: null
 metadata:
- version: V1R9
+ version: V1R10
  SMEs:
  - mab879
  - ggbecker
 reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
 selections:
 - account_disable_post_pw_expiration
-- account_emergency_expire_date
 - account_password_selinux_faillock_dir
 - account_temp_expire_date
 - account_unique_id
@@ -315,6 +314,7 @@ selections:
 - package_krb5-workstation_removed
 - package_libreport-plugin-logger_removed
 - package_libreport-plugin-rhtsupport_removed
+- package_mailx_installed
 - package_mcafeetp_installed
 - package_opensc_installed
 - package_openssh-server_installed

diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -33,14 +33,13 @@ description: 'This profile contains configuration checks that align to the
  standard DISA STIG for Red Hat Enterprise Linux 8 profile.'
 extends: null
 metadata:
- version: V1R9
+ version: V1R10
  SMEs:
  - mab879
  - ggbecker
 reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
 selections:
 - account_disable_post_pw_expiration
-- account_emergency_expire_date
 - account_password_selinux_faillock_dir
 - account_temp_expire_date
 - account_unique_id
@@ -325,6 +324,7 @@ selections:
 - package_krb5-server_removed
 - package_krb5-workstation_removed
 - package_libreport-plugin-logger_removed
+- package_mailx_installed
 - package_mcafeetp_installed
 - package_opensc_installed
 - package_openssh-server_installed