  1. RHEL
  2. RHEL-1093

More complete CIS network remediation

    • sst_security_compliance
    • ssg_security
    • False
    • No
    • TEST_PARAM:RULE=audit_rules_networkconfig_modification_network_scripts

      PTP will be provided based on test results from the linked /CoreOS/scap-security-guide/per-rule/from-env/ {oscap,ansible} tests and upstream stabilization testing (check all CIS Level2 profile related tests as Anaconda, Bash and Ansible hardening).
    • Pass
    • Release Note Not Required

      Description of problem:
      The CIS RHEL 9 Benchmark 1.0.0 PDF states that network-related changes should be monitored and then lists /etc/issue, /etc/issue.net, /etc/hosts, /etc/sysconfig/network, and /etc/sysconfig/network-scripts.

      scap-security-guide-0.1.66-1.el9_1 only creates the following:

      # cat /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
        -a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
        -a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
        -w /etc/issue -p wa -k audit_rules_networkconfig_modification
        -w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
        -w /etc/hosts -p wa -k audit_rules_networkconfig_modification
        -w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification

      This is missing /etc/sysconfig/network-scripts, and it also does not cover typical network configuration changes on RHEL 9, which are in /etc/NetworkManager. /etc/hostname might also be considered a related configuration.

      It looks like, at least for CIS, oscap should add at least /etc/sysconfig/network-scripts and /etc/NetworkManager for monitoring, perhaps also /etc/hostname. Thanks.

            jcerny@redhat.com Jan Cerny
            myllynen Marko Myllynen
            Marcus Burghardt
            Jan Cerny Jan Cerny
            Milan Lysonek Milan Lysonek
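
      A coverage check for the gap described in the report, added here as an example; it is not part of the original issue or of scap-security-guide. It parses the quoted rules and lists which required paths have no write/attribute watch. The function names and the ancestor-directory coverage logic are assumptions of this example.

```python
import shlex

# First five: paths the report says CIS lists. Last two: reporter's suggestions.
CIS_PATHS = ["/etc/issue", "/etc/issue.net", "/etc/hosts",
             "/etc/sysconfig/network", "/etc/sysconfig/network-scripts"]
SUGGESTED_PATHS = ["/etc/NetworkManager", "/etc/hostname"]

# The rules file content quoted in the report.
REPORTED_RULES = """\
-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification
"""

def watched_paths(rules_text):
    """Map watched paths to audited permission letters (-w/-p or -F path=|dir=/perm=)."""
    watches = {}
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tokens = shlex.split(line)
        path, perms = None, ""
        for opt, val in zip(tokens, tokens[1:]):
            if opt == "-w":
                path = val
            elif opt == "-p":
                perms = val
            elif opt == "-F" and val.startswith(("path=", "dir=")):
                path = val.split("=", 1)[1]
            elif opt == "-F" and val.startswith("perm="):
                perms = val.split("=", 1)[1]
        if path:
            # No explicit permissions: recorded as empty so the rule gets reviewed.
            key = path.rstrip("/") or "/"
            watches.setdefault(key, set()).update(perms)
    return watches

def missing_watches(rules_text, required, perms="wa"):
    """Return the required paths that no watch covers with all of perms."""
    watches = watched_paths(rules_text)
    def covered(p):
        # Compare whole path components: /etc/sysconfig/network must not count
        # for /etc/sysconfig/network-scripts. A watched ancestor dir covers p.
        return any(set(perms) <= got and (p == w or p.startswith(w + "/"))
                   for w, got in watches.items())
    return [p for p in required if not covered(p)]
```

      A substring search for /etc/sysconfig/network in the rules file would match the existing line and hide the missing network-scripts watch, which is why the comparison is done on whole path components.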