From 7172933cbc742360419b294d84028776e0b31d53 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Fri, 23 Jun 2023 01:35:35 +0300
Subject: [PATCH] Add platform package clause for firewalld related rules
---
 .../network-iptables/ensure_iptables_are_flushed/rule.yml | 2 ++
 .../iptables_activation/service_ip6tables_enabled/rule.yml | 2 ++
 .../iptables_activation/service_iptables_enabled/rule.yml | 2 ++
 .../iptables_activation/set_ip6tables_default_rule/rule.yml | 2 +-
 .../iptables_activation/set_ipv6_loopback_traffic/rule.yml | 2 +-
 .../iptables_activation/set_loopback_traffic/rule.yml | 2 +-
 .../package_iptables-persistent_installed/rule.yml | 2 ++
 .../package_iptables-persistent_removed/rule.yml | 2 ++
 .../package_iptables-services_installed/rule.yml | 2 ++
 .../network-iptables/package_iptables-services_removed/rule.yml | 2 ++
 10 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml b/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml
index e6ebde5fb4a..b20e667b2d1 100644
--- a/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml
@@ -14,6 +14,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 identifiers:
 cce@sle15: CCE-92523-0
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/service_ip6tables_enabled/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/service_ip6tables_enabled/rule.yml
index 32156eba39b..7aa12a4d00c 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/service_ip6tables_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/service_ip6tables_enabled/rule.yml
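Review bot: The added `platform: package[iptables]` on ensure_iptables_are_flushed says nothing about why this rule is gated on the package alone while the set_loopback_traffic and set_ip6tables_default_rule hunks in the same patch also exclude nftables and ufw; if this rule is meant to run precisely on hosts where another front end owns the firewall but iptables is still present (that is inferred from the rule name, not visible here), a later editor is likely to "harmonise" the clause and silently disable the check where it matters. A one-line YAML comment above the clause would pin the intent: `# Gate on the package only: the flush must also apply on nftables/ufw hosts that still ship iptables - confirm against profile intent`. The rationale block above `severity:` is outside the hunk.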
@@ -11,6 +11,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 identifiers:
 cce@rhel8: CCE-85955-3
 cce@rhel9: CCE-85960-3
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml
index 336b45bfbff..373c59b2ef5 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml
@@ -11,6 +11,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 identifiers:
 cce@rhel8: CCE-85961-1
 cce@rhel9: CCE-85962-9
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
index 9d5f317d8a0..a52a4303658 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
@@ -20,7 +20,7 @@ rationale: |-
 severity: medium
-platform: not package[nftables] and not package[ufw]
+platform: not package[nftables] and not package[ufw] and package[iptables]
 identifiers:
 cce@rhel7: CCE-86718-4
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
index 73e27eda618..d86c7d2c68f 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
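Review bot: Gating service_ip6tables_enabled on `package[iptables]` turns a host with no iptables package at all into a notapplicable result instead of a fail, so a system with no packet filter installed no longer trips this rule; that is only safe if every profile selecting it also selects a rule that requires the package (or another firewall) to be present, which nothing in this patch visibly does. The ip6tables unit itself is, as far as I know, shipped by iptables-services on RHEL (the only CCEs in this hunk are rhel8/rhel9), so the iptables package being present does not by itself mean the unit exists; if the project's platform syntax accepts it, `platform: package[iptables-services]` would gate on the package the check actually depends on, please confirm which package owns the unit. The same reasoning applies to the service_iptables_enabled hunk that follows.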
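Review bot: The new clause `not package[nftables] and not package[ufw] and package[iptables]` on set_ip6tables_default_rule still makes the default-policy check notapplicable whenever the nftables package is present, and on current RHEL releases the iptables package is, to my knowledge, the nft-backed variant with nftables normally installed alongside it, so the added `package[iptables]` term only tightens the gate and never lets an iptables-nft host be evaluated; the hunk carries only a rhel7 CCE, so this may be intended, but nothing says so. A comment above the platform line such as `# nftables/ufw exclusion means this evaluates only on legacy-iptables hosts (e.g. rhel7) - confirm` would make the scope explicit for the next reader. The rationale block above `severity:` is outside the hunk.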
@@ -16,7 +16,7 @@ rationale: |-
 severity: medium
-platform: not package[nftables] and not package[ufw]
+platform: not package[nftables] and not package[ufw] and package[iptables]
 identifiers:
 cce@sle12: CCE-92215-3
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
index 6ab31a41333..06f3cc43b35 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
@@ -16,7 +16,7 @@ rationale: |-
 severity: medium
-platform: not package[nftables] and not package[ufw]
+platform: not package[nftables] and not package[ufw] and package[iptables]
 identifiers:
 cce@sle12: CCE-92214-6
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-persistent_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-persistent_installed/rule.yml
index 8f75d8688bb..c630f737cb7 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables-persistent_installed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables-persistent_installed/rule.yml
@@ -13,6 +13,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 references:
 cis@ubuntu2004: 3.5.3.1.1
 cis@ubuntu2204: 3.5.3.1.1
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-persistent_removed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-persistent_removed/rule.yml
index c4a0bbf2092..a964743409b 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables-persistent_removed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables-persistent_removed/rule.yml
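Review bot: package_iptables-persistent_installed now applies wherever the iptables package exists, which on Ubuntu includes hosts that have it only as a dependency of ufw (inferred from packaging, not visible here), whereas the loopback and default-rule hunks in this same patch explicitly exclude ufw; the CIS references on the following lines (3.5.3.1.1) belong to the iptables-as-firewall section, so on a ufw host this rule would demand iptables-persistent while the sibling removed rule (cis 3.5.1.2) demands its absence. If the intent is that this rule evaluates only when iptables is the chosen firewall, `platform: package[iptables] and not package[ufw]` keeps it consistent with the set_loopback_traffic clause; if profile selection is meant to disambiguate, a comment saying so would stop the next reader raising this again. The rationale block above `severity:` is outside the hunk.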
@@ -13,6 +13,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 references:
 cis@ubuntu2004: 3.5.1.2
 cis@ubuntu2204: 3.5.1.2
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
index f21ba1609be..74fef1fa98f 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
@@ -15,6 +15,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 identifiers:
 cce@rhel8: CCE-85982-7
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
index 8d03c630f35..291cf56944b 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
@@ -16,6 +16,8 @@ rationale: |-
 severity: medium
+platform: package[iptables]
+
 identifiers:
 cce@rhel7: CCE-86678-0
 cce@rhel8: CCE-86679-8
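Review bot: With package_iptables-services_installed gated on `package[iptables]` and the two service_*_enabled rules gated the same way, no rule touched by this patch fails on a host that has no iptables at all, each simply becomes notapplicable, so the "firewall present and enabled" guarantee of a profile built on these rules now rests on something outside this patch. If iptables-services depends on the iptables package (true on RHEL as far as I know), the gate is redundant for the installed case and its only effect is to turn a fail into notapplicable; that trade-off deserves a comment above the clause, e.g. `# notapplicable without iptables: pair with a rule requiring iptables (or another firewall) in profiles that need one`, or the gate should be dropped for this rule. The identifiers block may continue past the hunk end.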