Merge pull request #10705 from Mab879/increase_rhel7_coverage

Increase RHEL7 STIG Coverage
ComplianceAsCode · Jun 10, 2023 · d3fd420 · d3fd420
2 parents fa777d4 + faa6d7b
commit d3fd420
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 4 deletions.
diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
@@ -17,6 +17,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+ cce@rhel7: CCE-86408-2
  cce@rhel9: CCE-85967-8
  cce@sle12: CCE-83250-1
  cce@sle15: CCE-91156-0
@@ -27,6 +28,7 @@ references:
  srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
  stigid@ol7: OL07-00-010344
  stigid@ol8: OL08-00-010385
+ stigid@rhel7: RHEL-07-010344
  stigid@sle12: SLES-12-010114
  stigid@sle15: SLES-15-020104
 

diff --git a/...em/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/...em/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
@@ -40,6 +40,7 @@ references:
  srg: SRG-OS-000480-GPOS-00227
  stigid@ol7: OL07-00-010291
  stigid@ol8: OL08-00-010121
+ stigid@rhel7: RHEL-07-010291
  stigid@sle12: SLES-12-010221
  stigid@sle15: SLES-15-020181
 

diff --git a/linux_os/guide/system/selinux/selinux_confine_to_least_privilege/rule.yml b/linux_os/guide/system/selinux/selinux_confine_to_least_privilege/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7
+prodtype: ol7,rhel7
 
 title: 'Confine SELinux Users To Roles That Conform To Least Privilege'
 
@@ -27,17 +27,21 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+ cce@rhel7: CCE-86544-4
+
 references:
  disa: CCI-002165,CCI-002235
  nist: AC-3(4),AC-6(10)
  srg: SRG-OS-000324-GPOS-00125
  stigid@ol7: OL07-00-020021
+ stigid@rhel7: RHEL-07-020021
 
 ocil_clause: 'selinux users are not confined to least privilege'
 
 ocil: |-
  Verify the operating system confines SELinux users to roles that conform to least
- privilege. Check the SELinux User list to SELinux Roles mapping by using the 
+ privilege. Check the SELinux User list to SELinux Roles mapping by using the
  following command:
  <pre>sudo semanage user -l</pre>
  The output should look like this:

diff --git a/products/rhel7/profiles/stig.profile b/products/rhel7/profiles/stig.profile
@@ -345,3 +345,6 @@ selections:
  - sysctl_kernel_dmesg_restrict
  - aide_build_database
  - authconfig_config_files_symlinks
+ - no_empty_passwords_etc_shadow
+ - disallow_bypass_password_sudo
+ - selinux_confine_to_least_privilege
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
@@ -189,7 +189,6 @@ CCE-86404-1
 CCE-86405-8
 CCE-86406-6
 CCE-86407-4
-CCE-86408-2
 CCE-86410-8
 CCE-86411-6
 CCE-86412-4
@@ -278,7 +277,6 @@ CCE-86540-2
 CCE-86541-0
 CCE-86542-8
 CCE-86543-6
-CCE-86544-4
 CCE-86548-5
 CCE-86549-3
 CCE-86554-3