SRG-APP-000148-CTR-000335,SRG-APP-000190-CTR-000500: Covered by sshd_…

…disable_root_login

controls/srg_ctr/SRG-APP-000148-CTR-000335.yml

@@ -3,18 +3,11 @@ controls:
  levels:
  - medium
  title: {{{ full_name }}} must uniquely identify and authenticate users.
+ rules:
+ - sshd_disable_root_login
  related_rules:
  - idp_is_configured
  - ocp_idp_no_htpasswd
  - kubeadmin_removed
- status: inherently met
- status_justification: |-
- Users of the OpenShift Platform must be uniquely identified and
- authenticated in order to access the platform's console. Anonymous
- users are prohibited, and authorization is enforced by the platform's
- RBAC policies. Refer to
- https://docs.openshift.com/container-platform/latest/authentication/index.html
- for more information.
- artifact_description: |-
- Supporting evidence is in the following documentation
- https://docs.openshift.com/container-platform/latest/authentication/index.html
+ status: automated
+

controls/srg_ctr/SRG-APP-000190-CTR-000500.yml

@@ -8,4 +8,5 @@ controls:
  of inactivity;'
  status: automated
  rules:
+ - sshd_disable_root_login
  - oauthclient_inactivity_timeout

linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml

@@ -19,6 +19,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+ cce@rhcos4: CCE-89550-8
  cce@rhel7: CCE-27445-6
  cce@rhel8: CCE-80901-2
  cce@rhel9: CCE-90800-4
@@ -51,7 +52,7 @@ references:
  ospp: FAU_GEN.1
  pcidss: Req-2.2.4
  pcidss4: "2.2.6"
- srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227
+ srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227,SRG-APP-000148-CTR-000335,SRG-APP-000190-CTR-000500
  stigid@ol7: OL07-00-040370
  stigid@ol8: OL08-00-010550
  stigid@rhel7: RHEL-07-040370

linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/tests/ocp4/e2e.yml

@@ -0,0 +1,3 @@
+---
+default_result: FAIL
+result_after_remediation: PASS

shared/references/cce-redhat-avail.txt

@@ -2863,7 +2863,6 @@ CCE-89546-6
 CCE-89547-4
 CCE-89548-2
 CCE-89549-0
-CCE-89550-8
 CCE-89551-6
 CCE-89552-4
 CCE-89553-2