Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-29308

audit rules for RHEL 9 CIS Benchmark point 4.1.3.5

XMLWordPrintable

    • scap-security-guide-0.1.73-1.el9_4
    • None
    • None
    • rhel-sst-security-compliance
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • x86_64
    • None

      What were you trying to do that didn't work?

       

      • RHEL 9 CIS Benchmark point 4.1.3.5: audit for network configuration changes on directory "/etc/sysconfig/network-scripts/"

       

      Please provide the package NVR for which bug is seen:

       

      scap-security-guide-0.1.72-1.el9_3.noarch

      How reproducible:

       

      • Always

      Steps to reproduce

      1.  On RHEL 9 system, install scap-security-guide
      2. Run ""ansible-playbook -i "localhost," -c local /usr/share/scap-security-guide/ansible/rhel9-playbook-cis.yml"

      Expected results

       

      • Directory "/etc/sysconfig/network-scripts/" included in generated audit rules.

        Actual results

       

      • Directory is not included.

       

       

      Aware of ifcfg deprecation on RHEL 9, but CIS Benchmark 4.1.3.5 still specifies audit for its location as verified on pdf downloaded from site (attached to issue). Customer on associated case is asking for it.

        1. CIS_Red_Hat_Enterprise_Linux_9_Benchmark_v1.0.0.pdf
          3.58 MB

            [RHEL-29308] audit rules for RHEL 9 CIS Benchmark point 4.1.3.5

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHBA-2024:3624

            Errata Tool added a comment - Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:3624

            Milan Lysonek (Inactive) added a comment -

            Availability of updates were verified via CAT. Switching to Release Pending

            Milan Lysonek (Inactive) added a comment - Availability of updates were verified via CAT. Switching to Release Pending

            Milan Lysonek (Inactive) added a comment -

            Testing has been done https://issues.redhat.com/browse/RHEL-1093?focusedId=24684237&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24684237

            Adding PTP

            Milan Lysonek (Inactive) added a comment - Testing has been done https://issues.redhat.com/browse/RHEL-1093?focusedId=24684237&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24684237 Adding PTP

            GitLab CEE Bot added a comment -

            CPaaS Service Account mentioned this issue in a merge request of isc-devel / Openshift Compliance Midstream on branch rhaos-4.12-rhel-8_upstream_d31405ef276b3db1b61fa1198c0b4f49:

            Updated 2 upstream sources

            GitLab CEE Bot added a comment - CPaaS Service Account mentioned this issue in a merge request of isc-devel / Openshift Compliance Midstream on branch rhaos-4.12-rhel-8_ upstream _d31405ef276b3db1b61fa1198c0b4f49 : Updated 2 upstream sources

            Jan Cerny added a comment -

            A fix has been merged upstream in https://github.com/ComplianceAsCode/content/pull/11724

            Jan Cerny added a comment - A fix has been merged upstream in https://github.com/ComplianceAsCode/content/pull/11724

            Jan Cerny added a comment -

            CHANGELOG_ENTRY: Add audit rules on /etc/sysconfig/network-scripts

            Jan Cerny added a comment - CHANGELOG_ENTRY: Add audit rules on /etc/sysconfig/network-scripts

            Jan Cerny added a comment -

            Analysis: The request is valid, indeed we're missing a check and a remediation for the /etc/sysconfig/network-scripts. We need to extend rule audit_rules_networkconfig_modification to cover audit rules also for /etc/sysconfig/network-scripts or we can create a new rule covering this.

            Jan Cerny added a comment - Analysis: The request is valid, indeed we're missing a check and a remediation for the /etc/sysconfig/network-scripts. We need to extend rule audit_rules_networkconfig_modification to cover audit rules also for /etc/sysconfig/network-scripts or we can create a new rule covering this.

              jcerny@redhat.com Jan Cerny
              rhn-support-raldaz Raúl Aldaz
              Vojtech Polasek Vojtech Polasek
              Milan Lysonek Milan Lysonek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: