Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4.z
Affects Version/s: rhel-9.2.0
Component/s: scap-security-guide
Labels:
- MigratedToJIRA
- Triaged

Fixed in Build:
scap-security-guide-0.1.73-1.el9_4
Regression:
None
Severity:
None

Pool Team:

rhel-sst-security-compliance
Sub-System Group:

ssg_security

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Acceptance Criteria:

Hide

TEST_PARAM:RULE=audit_rules_networkconfig_modification_network_scripts

PTP will be provided based on test results from the linked /CoreOS/scap-security-guide/per-rule/from-env/
{oscap,ansible}
tests and upstream stabilization testing (check all CIS Level2 profile related tests as Anaconda, Bash and Ansible hardening).

Show
TEST_PARAM:RULE=audit_rules_networkconfig_modification_network_scripts PTP will be provided based on test results from the linked /CoreOS/scap-security-guide/per-rule/from-env/ {oscap,ansible} tests and upstream stabilization testing (check all CIS Level2 profile related tests as Anaconda, Bash and Ansible hardening).
Git Pull Request:
https://github.com/ComplianceAsCode/content/pull/11724
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/132394
Test Coverage:
None

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2209660

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
CIS RHEL 9 Benchmark 1.0.0 PDF states that network related changes should be monitored and then lists /etc/issue, /etc/issue.net, /etc/hosts, /etc/sysconfig/network, and /etc/sysconfig/network-scripts.

scap-security-guide-0.1.66-1.el9_1 only creates the following:

cat /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification

This is missing /etc/sysconfig/network-scripts and it also does not cover typical network configuration changes on RHEL 9 which are in /etc/NetworkManager. Adding /etc/hostname might also be considered being a related configuration.

It looks like at least for CIS oscap should add at least /etc/sysconfig/network-scripts and /etc/NetworkManager for monitoring, perhaps also /etc/hostname. Thanks.

external trackers

Red Hat Issue Tracker RHELPLAN-158061

links to

https://tcms.engineering.redhat.com/case/617199/

https://tcms.engineering.redhat.com/case/617448/

RHBA-2024:132394 scap-security-guide bug fix and enhancement update

Assignee:: Jan Cerny

Reporter:: Marko Myllynen

Contributors:: Marcus Burghardt

Developer:: Jan Cerny

QA Contact:: Milan Lysonek

Votes:: 0 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: 2023/08/09 9:41 AM

Updated:: 2024/06/05 10:15 AM

Resolved:: 2024/06/05 10:15 AM

Target start:: 2024/04/01

Dev Target end:: 2024/04/03

Release Date:: 2024/06/05

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates