From d7291fde19e9699ff36a23c943de7804505e4335 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Fri, 20 Sep 2024 09:31:50 -0500 Subject: [PATCH 1/3] Add CPE platforms to auditing rules Fixes #12404 --- .../guide/auditing/policy_rules/audit_access_failed/rule.yml | 2 +- .../guide/auditing/policy_rules/audit_access_success/rule.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml index 2d658b7b16e..bbb61736a3d 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml @@ -28,7 +28,7 @@ severity: medium # on RHEL9 there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml index 4f2c4a9d6a0..07f1995d36a 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml @@ -27,7 +27,7 @@ severity: medium # on RHEL9 there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} From 538c9b4472a612aa9c05b3db6716fe98c3eb0ca0 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Fri, 20 Sep 2024 09:34:01 -0500 Subject: [PATCH 2/3] Update conflicts for sysctl_kernel_core_pattern on RHEL 10 --- .../restrictions/sysctl_kernel_core_pattern/rule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
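Review bot: The comment above the changed condition still reads `# on RHEL9 there are rules which cover particular hardware architectures`, although the `platforms:` restriction now also applies to `rhel10`, in both audit_access_failed and audit_access_success. I would update it to `# on RHEL 9 and RHEL 10 there are rules which cover particular hardware architectures` so the comment and the condition agree. Because the rule is now skipped on aarch64 and ppc64le for RHEL 10 as well, it is worth confirming that the architecture-specific replacement rules are actually selected in the RHEL 10 profiles; if they are not, file-access auditing would be missing on those architectures. Both rule files continue outside the hunks shown.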
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml index a5f4424b8b3..c2da9ffc5eb 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml @@ -12,7 +12,7 @@ rationale: |- severity: medium -{{% if product in ["rhel9"] %}} +{{% if product in ["rhel9", "rhel10"] %}} conflicts: - sysctl_kernel_core_pattern_empty_string {{% endif %}} From bf08ffe57d4d080e0a110d43af1a4e95ab156388 Mon Sep 17 00:00:00 2001 
From: Matthew Burket Date: Mon, 23 Sep 2024 13:07:54 -0500 Subject: [PATCH 3/3] Ensure that audit rules are ready for RHEL 10 --- .../audit_rules_dac_modification_fremovexattr/rule.yml | 8 ++++---- .../audit_rules_dac_modification_fsetxattr/rule.yml | 8 ++++---- .../audit_rules_dac_modification_lremovexattr/rule.yml | 8 ++++---- .../audit_rules_dac_modification_lsetxattr/rule.yml | 8 ++++---- .../audit_rules_dac_modification_removexattr/rule.yml | 8 ++++---- .../audit_rules_dac_modification_setxattr/rule.yml | 8 ++++---- .../audit_rules_execution_chcon/rule.yml | 2 +- .../audit_rules_execution_restorecon/rule.yml | 2 +- .../audit_rules_execution_semanage/rule.yml | 2 +- .../audit_rules_execution_setfiles/rule.yml | 2 +- .../audit_rules_execution_setsebool/rule.yml | 2 +- .../audit_rules_execution_seunshare/rule.yml | 2 +- .../audit_rules_privileged_commands_at/rule.yml | 2 +- .../audit_rules_privileged_commands_chage/rule.yml | 2 +- .../audit_rules_privileged_commands_chsh/rule.yml | 2 +- .../audit_rules_privileged_commands_crontab/rule.yml | 2 +- .../rule.yml | 2 +- .../audit_rules_privileged_commands_fusermount/rule.yml | 2 +- .../audit_rules_privileged_commands_fusermount3/rule.yml | 2 +- .../audit_rules_privileged_commands_gpasswd/rule.yml | 2 +- .../rule.yml | 2 +- .../audit_rules_privileged_commands_mount/rule.yml | 2 +- .../audit_rules_privileged_commands_mount_nfs/rule.yml | 2 +- .../audit_rules_privileged_commands_newgidmap/rule.yml | 2 +- .../audit_rules_privileged_commands_newgrp/rule.yml | 2 +- .../audit_rules_privileged_commands_newuidmap/rule.yml | 2 +- .../rule.yml | 5 ++--- .../audit_rules_privileged_commands_passwd/rule.yml | 3 +-- .../audit_rules_privileged_commands_pkexec/rule.yml | 2 +- .../rule.yml | 2 +- .../audit_rules_privileged_commands_postdrop/rule.yml | 2 +- .../audit_rules_privileged_commands_postqueue/rule.yml | 2 +- .../audit_rules_privileged_commands_pt_chown/rule.yml | 2 +- .../audit_rules_privileged_commands_ssh_keysign/rule.yml | 
2 +- .../rule.yml | 2 +- .../rule.yml | 2 +- .../rule.yml | 2 +- .../rule.yml | 2 +- .../audit_rules_privileged_commands_su/rule.yml | 3 +-- .../audit_rules_privileged_commands_sudoedit/rule.yml | 2 +- .../audit_rules_privileged_commands_umount/rule.yml | 2 +- .../audit_rules_privileged_commands_unix_chkpwd/rule.yml | 3 +-- .../audit_rules_privileged_commands_userhelper/rule.yml | 2 +- .../audit_rules_privileged_commands_usernetctl/rule.yml | 2 +- .../audit_rules_privileged_commands_utempter/rule.yml | 2 +- .../audit_rules_privileged_commands_write/rule.yml | 2 +- .../auditd_audispd_encrypt_sent_records/rule.yml | 2 +- .../auditing/policy_rules/audit_access_failed/rule.yml | 2 +- .../auditing/policy_rules/audit_create_failed/rule.yml | 4 ++-- .../auditing/policy_rules/audit_create_success/rule.yml | 4 ++-- .../auditing/policy_rules/audit_delete_failed/rule.yml | 4 ++-- .../auditing/policy_rules/audit_delete_success/rule.yml | 4 ++-- .../auditing/policy_rules/audit_modify_failed/rule.yml | 4 ++-- .../auditing/policy_rules/audit_modify_success/rule.yml | 4 ++-- .../auditing/policy_rules/audit_module_load/rule.yml | 4 ++-- .../auditing/policy_rules/audit_ospp_general/rule.yml | 4 ++-- .../policy_rules/audit_owner_change_failed/rule.yml | 4 ++-- .../policy_rules/audit_owner_change_success/rule.yml | 4 ++-- .../policy_rules/audit_perm_change_failed/rule.yml | 4 ++-- .../policy_rules/audit_perm_change_success/rule.yml | 4 ++-- 60 files changed, 91 insertions(+), 95 deletions(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index 5c4013706bc..2cca4bac395 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml 
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
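Review bot: `'rhel' in product` is a substring test, so it is broader than the `"rhel8", "rhel9"` entries it replaces: every product id containing `rhel` now gets the extra `-F auid=0` audit line in this description, not only RHEL 10. If the intent is only to add RHEL 10, listing it keeps the scope reviewable, e.g. `{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "rhel10"] or 'ubuntu' in product %}}`, which also matches the explicit lists used in patches 1/3 and 2/3 of this series. The same condition is repeated in the remaining hunks of the six audit_rules_dac_modification_* files and in the `perm_x` guards of the audit_rules_execution_* and audit_rules_privileged_commands_* files. The description block starts and ends outside this hunk.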

@@ -25,13 +25,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index 45a27f73d8b..9aa4c81a3a8 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml index 611f7c8b644..c14556718d8 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -25,13 +25,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index 1e73f25ba0e..896ebce57c9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index e30fa238fb3..bb63fa383bb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -10,13 +10,13 @@ description: |- program to read audit rules during daemon startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -24,13 +24,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 9c10dfebd49..bd561284a0f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
+{{%- if product in ["ol8", "ol9"] or 'rhel' in product or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index 3e4f18339e4..aac5af0a4e6 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
index 2dd972a1576..d7a2ced768c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index 42e60ffdb23..be8dd470bb9 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
index fde14f70cb4..569acf2a2b6 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index ec82b9c27e0..9da7258c553 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
index ef6ea98e5cf..e6f5dcef755 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
index a85f4c6974e..aa4a2cbbfbc 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in products %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index 699c2d8c318..e67ace9e5bc 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
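Review bot: In audit_rules_privileged_commands_at/rule.yml the new condition tests `'rhel' in products`, while every other file in this patch tests `product`; `products` looks like a typo. If `products` is not defined in the template context, the RHEL branch presumably never matches (or rendering fails, depending on how undefined variables are handled). In that case `perm_x` would no longer be set for rhel8 and rhel9, which the old list covered, and wherever `perm_x` is used later in the file the audit rule for `at` would lose `-F perm=x` on RHEL. The line should read `{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}`.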
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index 8c2f54aa92a..c2f7966e2e1 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index 45761756029..5a165395f00 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
index f911a1d55a7..a81a087db67 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
index 561a4974dc3..91f638ab1f6 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
index b500a24a9c3..71f291b03f4 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 1a56d8732f9..3c35ed3aa23 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml index 88a7665285e..cbc9be1f1f0 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml index 165b0dafa5e..501eee83a57 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml index aaf7d582d8b..e1f1fb7e041 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml index 0b5148bf0d7..ea9e8363d4f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml index 824fbf2efe9..9654da23058 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml index ec8f42f0724..733d05aa168 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} + {{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
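Review bot: In the audit_rules_privileged_commands_newuidmap hunk the added `{{%- if ... %}}` line begins with whitespace, while the line it replaces and the same line in the sibling rule files start at column 0. The `-` in `{{%-` should trim it at render time, so this looks cosmetic, but it leaves the first line of this file formatted differently from the others. The line should read `{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}}` with no leading blank. The added lines in the pt_chown and usernetctl hunks carry the same leading whitespace.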
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index d8f56e495ac..78fe153cc62 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml @@ -1,5 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} {{% if product in ["sle12", "sle15", "slmicro5"] %}} @@ -66,7 +65,7 @@ references: stigid@ol8: OL08-00-030340 stigid@rhel8: RHEL-08-030340 stigid@sle12: SLES-12-020720 - stigid@sle15: SLES-15-030510 + stigid@sle15: SLES-15-030510 stigid@ubuntu2004: UBTU-20-010178 stigid@ubuntu2204: UBTU-22-654075 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml index fdd446d5815..40126b9c2ba 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml 
@@ -1,5 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml index 6c01ca01c7c..567d636a681 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml index 69d2893869c..d9f2a6b17d3 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml index 778db53e1f0..b36474faf0b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml index ab922936f35..5a94676f607 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml index b3117ec8ca6..484d134ec01 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} + {{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml index 105548d1608..fae89984de5 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml index f605a88d05f..7d8ceda5e9c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml index 1abe261732e..ab176f8fb7e 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml index 39e36b02fa4..1617470e4cb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml index 1450e43e843..5717b0bad30 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml index 2eca54f1d0e..09b7943f203 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml @@ -1,5 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml index 98eca632f96..f133d51fda6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml index 74f5baa8082..0356da59193 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml index fd95c3679ee..f7e88ebb0cb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml 
@@ -1,5 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml index bd7a833c6b0..4146b4b78f4 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml index 612eb66ef1b..990aa4bdbcc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} + {{%- if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml index bf42d77e98f..54d6dcb0ed7 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml index 264d2b88eb3..cec0f8bdd5d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml 
@@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml index 8d08fd6c5f8..c36e33d6fff 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml @@ -55,7 +55,7 @@ ocil: |- fixtext: |- Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin. -{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}} +{{% if product in ["fedora", "ol8", "rhv4"] or "rhel" in product %}} Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5". {{% else %}} Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf", diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml index bbb61736a3d..b14a9d1eac4 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml @@ -26,7 +26,7 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead {{% if product in ["rhel9", "rhel10"] %}} platforms: 
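Review bot: The `fixtext` branch in auditd_audispd_encrypt_sent_records/rule.yml now tells every product whose id contains "rhel" to set `transport` to KRB5, but the hunk starts at line 55, so the rule's description, its `ocil` text and whatever check or remediation is generated for it are not visible here. If any of those still branch on the old list, an administrator on RHEL 10 would be told to set one option while the scan evaluates another, and it would be unclear whether forwarded audit records are actually encrypted. It is worth confirming that every conditional in this rule uses the same expression. The test is also written `"rhel" in product` here and `'rhel' in product` in the privileged-command rules of the same patch; one quoting style would make the condition easier to grep for.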
diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml index b0a5cc01229..6e54357fb8b 100644 --- a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml @@ -34,9 +34,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml index d8b714c9bdd..8f2967b8649 100644 --- a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml @@ -28,9 +28,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml index 8490672a346..fd0c1448582 100644 --- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml 
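Review bot: The comment in audit_create_failed/rule.yml now says "RHEL9+", but the condition under it is the closed list `["rhel9", "rhel10"]`, so the two will disagree as soon as another RHEL product is added. Going by the comment, the `platforms` line is what keeps this generic rule off aarch64 and ppc64le where architecture-specific rules exist, so a later release missing from the list would get the generic rule on those architectures again without any build error. Either word the comment to match the code, `# on RHEL 9 and RHEL 10 there are rules which cover particular hardware architectures`, or replace the list with a version comparison if the build system exposes one. The same applies to the audit_access_failed hunk before this one, which changes only the comment, and to the policy_rules hunks that follow through audit_perm_change_success (audit_module_load excludes only ppc64le).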
@@ -26,9 +26,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml index ca9d2e9b3cf..de80eee5e5a 100644 --- a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml @@ -24,9 +24,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml index cc9c6aa2d3d..b3c3f4df713 100644 --- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml @@ -34,9 +34,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} 
diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml index 7186fd62f10..eb6c21648c1 100644 --- a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml @@ -29,9 +29,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml index 1c7d2d8b81a..4cf215813f2 100644 --- a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml @@ -25,9 +25,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml index 71d554ebf5b..5ccb9257b87 100644 --- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml 
@@ -113,9 +113,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml index 2c3f92eba25..da5675b525f 100644 --- a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml @@ -26,9 +26,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml index 26f238f42b2..acad2197ab6 100644 --- a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml @@ -24,9 +24,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} 
diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml index 238cd298fec..c3dc80d3e61 100644 --- a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml @@ -26,9 +26,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml index 59e153c578e..b4d6003251d 100644 --- a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml +++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml @@ -24,9 +24,9 @@ rationale: |- severity: medium -# on RHEL9 there are rules which cover particular hardware architectures +# on RHEL9+ there are rules which cover particular hardware architectures # so do not apply this rule but apply the specific one instead -{{% if product == "rhel9" %}} +{{% if product in ["rhel9", "rhel10"] %}} platforms: - not aarch64_arch and not ppc64le_arch {{% endif %}}