Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-988

[RFE] Provide pci-dss required audit rules in the audit packages just like ospp audit rules

    • sst_security_special_projects
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      I have copied the the 30-pci-dss-v31.rules in the /etc/audit/rules.d/ and rebuild the audit rules.

      The SCAP report for pci-dss fails on missing many audit rules.
      For example the 2 rules below:

      • xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
      • xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir

      For the OSPP the provided rules in /usr/share/audit/sample-rules where enough to Pass all the Audit check of the OSPP SCAP run.
      I expected the same for PCI-DSS SCAP report, just copy the 30-pci-dss-v31.rules to the /etc/audit/rules.d/ and all Audit rules tests are getting Passed.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Always

      Steps to Reproduce:

      • Copy usr/share/audit/sample-rules/30-pci-dss-v31.rules and the surround boiler plate 10-base-config and 99-finalize to /etc/audit/rules.d
      • Run augenrules
      • Run scap for pcidss
        /usr/bin/oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss -

      -results-arf /var/tmp/compliance-report-pci-dss.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
      usr/bin/oscap xccdf generate report /var/tmp/compliance-report-pci-dss.xml

      Results:

      • Many failing SCAP tests on Audit

      Expectation

      • Audit tests in SCAP report are Passed

      Additional info:
      More info in case.

            scorreia@redhat.com Sergio Correia
            rhn-support-cweather Chris Weathers
            Sergio Correia Sergio Correia
            SSG Security QE SSG Security QE
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated: