Bug
Resolution: Unresolved
rhel-9.2.0
sst_security_compliance
ssg_security
Release Note Not Required
Description of problem:
CIS RHEL 9 Benchmark 1.0.0 PDF states that network-related changes should be monitored and then lists /etc/issue, /etc/issue.net, /etc/hosts, /etc/sysconfig/network, and /etc/sysconfig/network-scripts.
scap-security-guide-0.1.66-1.el9_1 only creates the following:
- cat /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification
This is missing /etc/sysconfig/network-scripts, and it also does not cover typical network configuration changes on RHEL 9, which are in /etc/NetworkManager. Adding /etc/hostname might also be considered, as a related configuration.
It looks like, at least for CIS, oscap should add at least /etc/sysconfig/network-scripts and /etc/NetworkManager for monitoring, perhaps also /etc/hostname. Thanks.
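
One way to check a rules file for the gap described in this report, as an added example (not code from the report or from scap-security-guide). The function names are hypothetical; the embedded rules are the ones quoted in the report, and the required list is the five paths the CIS text names plus the two the reporter proposes.

```python
import shlex

# Paths named in the report: the five from the CIS text, plus /etc/NetworkManager
# and /etc/hostname as proposed by the reporter.
REQUIRED = ["/etc/issue", "/etc/issue.net", "/etc/hosts", "/etc/sysconfig/network",
            "/etc/sysconfig/network-scripts", "/etc/NetworkManager", "/etc/hostname"]

# Rules file content quoted in the report, embedded so the check runs offline.
SHIPPED_RULES = """\
-a always,exit -F arch=b32 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-a always,exit -F arch=b64 -S sethostname -S setdomainname -F key=audit_rules_networkconfig_modification
-w /etc/issue -p wa -k audit_rules_networkconfig_modification
-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
-w /etc/hosts -p wa -k audit_rules_networkconfig_modification
-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification
"""

def parse_watches(rules_text):
    """Return [(path, perms, recursive)] for -w watches and -F path=/dir= rules."""
    watches = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        path, perms, recursive = None, "", False
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-w":
                # Assumption: -w without -p means rwxa; -w on a directory covers its tree.
                path, perms, recursive = value, perms or "rwxa", True
            elif flag == "-p":
                perms = value
            elif flag == "-F" and value.startswith(("path=", "dir=")):
                path, recursive = value.split("=", 1)[1], value.startswith("dir=")
            elif flag == "-F" and value.startswith("perm="):
                perms = value.split("=", 1)[1]
        if path:
            watches.append((path.rstrip("/") or "/", set(perms), recursive))
    return watches

def missing_coverage(rules_text, required=REQUIRED, need="wa"):
    """Return required paths with no watch recording both writes and attribute changes."""
    watches = parse_watches(rules_text)
    def covered(target):
        # Whole-component match: /etc/sysconfig/network is not a parent of network-scripts.
        return any((target == path or (recursive and target.startswith(path.rstrip("/") + "/")))
                   and set(need) <= perms for path, perms, recursive in watches)
    return [p for p in required if not covered(p)]

if __name__ == "__main__":
    print("not watched:", missing_coverage(SHIPPED_RULES))
```

To check a live system, pass the concatenated contents of the files under /etc/audit/rules.d/ instead of the embedded sample.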